@echo off :: https://privacy.sexy — v0.10.3 — Sat, 09 Oct 2021 16:09:43 GMT :: Ensure admin privileges fltmc >nul 2>&1 || ( echo Administrator privileges are required. PowerShell Start -Verb RunAs '%0' 2> nul || ( echo Right-click on the script and select "Run as administrator". pause & exit 1 ) exit 0 ) :: ---------------------------------------------------------- :: ------------Delete controversial default0 user------------ :: ---------------------------------------------------------- echo --- Delete controversial default0 user net user defaultuser0 /delete 2>nul :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Enable Reset Base in Dism Component Store--------- :: ---------------------------------------------------------- echo --- Enable Reset Base in Dism Component Store reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\Configuration" /v "DisableResetbase" /t "REG_DWORD" /d "0" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Remove Default Apps Associations------------- :: ---------------------------------------------------------- echo --- Remove Default Apps Associations dism /online /Remove-DefaultAppAssociations :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Clear (Reset) Network Data Usage------------- :: ---------------------------------------------------------- echo --- Clear (Reset) Network Data Usage setlocal EnableDelayedExpansion SET /A dps_service_running=0 SC queryex "DPS"|Find "STATE"|Find /v "RUNNING">Nul||( SET /A dps_service_running=1 net stop DPS ) del /F /S /Q /A "%windir%\System32\sru*" IF !dps_service_running! == 1 ( net start DPS ) endlocal :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Clear Flash traces-------------------- :: ---------------------------------------------------------- echo --- Clear Flash traces rd /s /q "%APPDATA%\Macromedia\Flash Player" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Clear Steam dumps, logs, and traces------------ :: ---------------------------------------------------------- echo --- Clear Steam dumps, logs, and traces del /f /q %ProgramFiles(x86)%\Steam\Dumps del /f /q %ProgramFiles(x86)%\Steam\Traces del /f /q %ProgramFiles(x86)%\Steam\appcache\*.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Clear Visual Studio telemetry and feedback data------ :: ---------------------------------------------------------- echo --- Clear Visual Studio telemetry and feedback data rmdir /s /q "%AppData%\vstelemetry" 2>nul rmdir /s /q "%LocalAppData%\Microsoft\VSApplicationInsights" 2>nul rmdir /s /q "%ProgramData%\Microsoft\VSApplicationInsights" 2>nul rmdir /s /q "%Temp%\Microsoft\VSApplicationInsights" 2>nul rmdir /s /q "%Temp%\VSFaultInfo" 2>nul rmdir /s /q "%Temp%\VSFeedbackPerfWatsonData" 2>nul rmdir /s /q "%Temp%\VSFeedbackVSRTCLogs" 2>nul rmdir /s /q "%Temp%\VSRemoteControl" 2>nul rmdir /s /q "%Temp%\VSTelem" 2>nul rmdir /s /q "%Temp%\VSTelem.Out" 2>nul :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Clear Dotnet CLI telemetry---------------- :: ---------------------------------------------------------- echo --- Clear Dotnet CLI telemetry rmdir /s /q "%USERPROFILE%\.dotnet\TelemetryStorageService" 2>nul :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Clear regedit last key------------------ :: ---------------------------------------------------------- echo --- Clear regedit last key reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" /va /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Clear regedit favorites------------------ :: ---------------------------------------------------------- echo --- Clear regedit favorites reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" /va /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Clear list of recent programs opened----------- :: ---------------------------------------------------------- echo --- Clear list of recent programs opened reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU" /va /f reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Clear Adobe Media Browser MRU--------------- :: ---------------------------------------------------------- echo --- Clear Adobe Media Browser MRU reg delete "HKCU\Software\Adobe\MediaBrowser\MRU" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Clear MSPaint MRU--------------------- :: ---------------------------------------------------------- echo --- Clear MSPaint MRU reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" /va /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Clear Wordpad MRU--------------------- :: ---------------------------------------------------------- echo --- Clear Wordpad MRU reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Clear Map Network Drive MRU MRU-------------- :: ---------------------------------------------------------- echo --- Clear Map Network Drive MRU MRU reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /va /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Clear Windows Search Assistant history---------- :: ---------------------------------------------------------- echo --- Clear Windows Search Assistant history reg delete "HKCU\Software\Microsoft\Search Assistant\ACMru" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Clear list of Recent Files Opened, by Filetype------ :: ---------------------------------------------------------- echo --- Clear list of Recent Files Opened, by Filetype reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /va /f reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /va /f reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Clear windows media player recent files and URLs----- :: ---------------------------------------------------------- echo --- Clear windows media player recent files and URLs reg delete "HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList" /va /f reg delete "HKCU\Software\Microsoft\MediaPlayer\Player\RecentURLList" /va /f reg delete "HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\RecentFileList" /va /f reg delete "HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\RecentURLList" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Clear Most Recent Application's Use of DirectX------ :: ---------------------------------------------------------- echo --- Clear Most Recent Application's Use of DirectX reg delete "HKCU\Software\Microsoft\Direct3D\MostRecentApplication" /va /f reg delete "HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Clear Windows Run MRU & typedpaths------------ :: ---------------------------------------------------------- echo --- Clear Windows Run MRU ^& typedpaths reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /va /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Clear recently accessed files--------------- :: ---------------------------------------------------------- echo --- Clear recently accessed files del /f /q "%APPDATA%\Microsoft\Windows\Recent\AutomaticDestinations\*" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Clear Internet Explorer traces-------------- :: ---------------------------------------------------------- echo --- Clear Internet Explorer traces del /f /q "%localappdata%\Microsoft\Windows\INetCache\IE\*" reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLs" /va /f reg delete "HKCU\SOFTWARE\Microsoft\Internet Explorer\TypedURLsTime" /va /f rd /s /q "%localappdata%\Microsoft\Internet Explorer" rd /s /q "%APPDATA%\Microsoft\Windows\Cookies" rd /s /q "%USERPROFILE%\Cookies" rd /s /q "%USERPROFILE%\Local Settings\Traces" rd /s /q "%localappdata%\Temporary Internet Files" rd /s /q "%localappdata%\Microsoft\Windows\Temporary Internet Files" rd /s /q "%localappdata%\Microsoft\Windows\INetCookies\PrivacIE" rd /s /q "%localappdata%\Microsoft\Feeds Cache" rd /s /q "%localappdata%\Microsoft\InternetExplorer\DOMStore" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Clear Google Chrome traces---------------- :: ---------------------------------------------------------- echo --- Clear Google Chrome traces del /f /q "%localappdata%\Google\Software Reporter Tool\*.log" rd /s /q "%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data" rd /s /q "%localappdata%\Google\Chrome\User Data" rd /s /q "%localappdata%\Google\CrashReports\"" rd /s /q "%localappdata%\Google\Chrome\User Data\Crashpad\reports\"" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Clear Opera traces-------------------- :: ---------------------------------------------------------- echo --- Clear Opera traces rd /s /q "%USERPROFILE%\AppData\Local\Opera\Opera" rd /s /q "%APPDATA%\Opera\Opera" rd /s /q "%USERPROFILE%\Local Settings\Application Data\Opera\Opera" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Clear Safari traces-------------------- :: ---------------------------------------------------------- echo --- Clear Safari traces rd /s /q "%USERPROFILE%\AppData\Local\Apple Computer\Safari\Traces" rd /s /q "%APPDATA%\Apple Computer\Safari" del /q /s /f "%USERPROFILE%\AppData\Local\Apple Computer\Safari\Cache.db" del /q /s /f "%USERPROFILE%\AppData\Local\Apple Computer\Safari\WebpageIcons.db" rd /s /q "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Traces" del /q /s /f "%USERPROFILE%\Local Settings\Application Data\Apple Computer\Safari\Cache.db" del /q /s /f "%USERPROFILE%\Local Settings\Application Data\Safari\WebpageIcons.db" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Clear Windows temp files----------------- :: ---------------------------------------------------------- echo --- Clear Windows temp files del /f /q %localappdata%\Temp\* rd /s /q "%WINDIR%\Temp" rd /s /q "%TEMP%" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Clear main telemetry file----------------- :: ---------------------------------------------------------- echo --- Clear main telemetry file if exist "%ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl" ( takeown /f "%ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl" /r /d y icacls "%ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl" /grant administrators:F /t echo "" > "%ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl" echo Clear successful: "%ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl" ) else ( echo "Main telemetry file does not exist. Good!" ) :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: Clear Optional Component Manager and COM+ components logs- :: ---------------------------------------------------------- echo --- Clear Optional Component Manager and COM+ components logs del /f /q %SystemRoot%\comsetup.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Clear Distributed Transaction Coordinator logs------ :: ---------------------------------------------------------- echo --- Clear Distributed Transaction Coordinator logs del /f /q %SystemRoot%\DtcInstall.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Clear Windows Deployment Upgrade Process Logs------- :: ---------------------------------------------------------- echo --- Clear Windows Deployment Upgrade Process Logs del /f /q %SystemRoot%\setupact.log del /f /q %SystemRoot%\setuperr.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Clear Windows Setup Logs----------------- :: ---------------------------------------------------------- echo --- Clear Windows Setup Logs del /f /q %SystemRoot%\setupapi.log del /f /q %SystemRoot%\Panther\* del /f /q %SystemRoot%\inf\setupapi.app.log del /f /q %SystemRoot%\inf\setupapi.dev.log del /f /q %SystemRoot%\inf\setupapi.offline.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Clear Windows System Assessment Tool logs--------- :: ---------------------------------------------------------- echo --- Clear Windows System Assessment Tool logs del /f /q %SystemRoot%\Performance\WinSAT\winsat.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Clear Password change events--------------- :: ---------------------------------------------------------- echo --- Clear Password change events del /f /q %SystemRoot%\debug\PASSWD.LOG :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Clear user web cache database--------------- :: ---------------------------------------------------------- echo --- Clear user web cache database del /f /q %localappdata%\Microsoft\Windows\WebCache\*.* :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Clear system temp folder when no one is logged in----- :: ---------------------------------------------------------- echo --- Clear system temp folder when no one is logged in del /f /q %SystemRoot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* :: ---------------------------------------------------------- :: Clear DISM (Deployment Image Servicing and Management) Logs echo --- Clear DISM (Deployment Image Servicing and Management) Logs del /f /q %SystemRoot%\Logs\CBS\CBS.log del /f /q %SystemRoot%\Logs\DISM\DISM.log :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Common Language Runtime Logs--------------- :: ---------------------------------------------------------- echo --- Common Language Runtime Logs del /f /q "%LocalAppData%\Microsoft\CLR_v4.0\UsageTraces\*" del /f /q "%LocalAppData%\Microsoft\CLR_v4.0_32\UsageTraces\*" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Network Setup Service Events Logs------------- :: ---------------------------------------------------------- echo --- Network Setup Service Events Logs del /f /q "%SystemRoot%\Logs\NetSetup\*" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Clear Windows update and SFC scan logs---------- :: ---------------------------------------------------------- echo --- Clear Windows update and SFC scan logs del /f /q %SystemRoot%\Temp\CBS\* :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Clear Windows Update Medic Service logs---------- :: ---------------------------------------------------------- echo --- Clear Windows Update Medic Service logs takeown /f %SystemRoot%\Logs\waasmedic /r /d y icacls %SystemRoot%\Logs\waasmedic /grant administrators:F /t rd /s /q %SystemRoot%\Logs\waasmedic :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Clear Cryptographic Services Traces------------ :: ---------------------------------------------------------- echo --- Clear Cryptographic Services Traces del /f /q %SystemRoot%\System32\catroot2\dberr.txt del /f /q %SystemRoot%\System32\catroot2.log del /f /q %SystemRoot%\System32\catroot2.jrs del /f /q %SystemRoot%\System32\catroot2.edb del /f /q %SystemRoot%\System32\catroot2.chk :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable cloud speech recognition------------- :: ---------------------------------------------------------- echo --- Disable cloud speech recognition reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t "REG_DWORD" /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Opt out from Windows privacy consent----------- :: ---------------------------------------------------------- echo --- Opt out from Windows privacy consent reg add "HKCU\SOFTWARE\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Disable Windows feedback----------------- :: ---------------------------------------------------------- echo --- Disable Windows feedback reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f reg delete "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Disable text and handwriting collection---------- :: ---------------------------------------------------------- echo --- Disable text and handwriting collection reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d 1 /f reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d 1 /f reg add "HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t REG_DWORD /d 1 /f reg add "HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t REG_DWORD /d 1 /f reg add "HKCU\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------Turn off sensors--------------------- :: ---------------------------------------------------------- echo --- Turn off sensors reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableSensors" /t REG_DWORD /d "1" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Disable Wi-Fi sense-------------------- :: ---------------------------------------------------------- echo --- Disable Wi-Fi sense reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v "value" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v "value" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v "AutoConnectAllowedOEM" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Disable Inventory Collector---------------- :: ---------------------------------------------------------- echo --- Disable Inventory Collector reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Disable Website Access of Language List---------- :: ---------------------------------------------------------- echo --- Disable Website Access of Language List reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable Auto Downloading Maps--------------- :: ---------------------------------------------------------- echo --- Disable Auto Downloading Maps reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AllowUntriggeredNetworkTrafficOnSettingsPage" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AutoDownloadAndUpdateMapData" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Disable steps recorder------------------ :: ---------------------------------------------------------- echo --- Disable steps recorder reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable game screen recording--------------- :: ---------------------------------------------------------- echo --- Disable game screen recording reg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Disable Windows DRM internet access------------ :: ---------------------------------------------------------- echo --- Disable Windows DRM internet access reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable feedback on write (sending typing info)------ :: ---------------------------------------------------------- echo --- Disable feedback on write (sending typing info) reg add "HKLM\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Disable Activity Feed------------------- :: ---------------------------------------------------------- echo --- Disable Activity Feed reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /d "0" /t REG_DWORD /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Disable Customer Experience Improvement (CEIP/SQM)---- :: ---------------------------------------------------------- echo --- Disable Customer Experience Improvement (CEIP/SQM) reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t REG_DWORD /d "0" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Disable Application Impact Telemetry (AIT)-------- :: ---------------------------------------------------------- echo --- Disable Application Impact Telemetry (AIT) reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t REG_DWORD /d "0" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable diagnostics telemetry--------------- :: ---------------------------------------------------------- echo --- Disable diagnostics telemetry reg add "HKLM\SYSTEM\ControlSet001\Services\DiagTrack" /v "Start" /t REG_DWORD /d 4 /f reg add "HKLM\SYSTEM\ControlSet001\Services\dmwappushsvc" /v "Start" /t REG_DWORD /d 4 /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice" /v "Start" /t REG_DWORD /d 4 /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service" /v "Start" /t REG_DWORD /d 4 /f sc stop "DiagTrack" & sc config "DiagTrack" start=disabled sc stop "dmwappushservice" & sc config "dmwappushservice" start=disabled sc stop "diagnosticshub.standardcollector.service" & sc config "diagnosticshub.standardcollector.service" start=disabled sc stop "diagsvc" & sc config "diagsvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable Customer Experience Improvement Program------ :: ---------------------------------------------------------- echo --- Disable Customer Experience Improvement Program schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Disable telemetry in data collection policy-------- :: ---------------------------------------------------------- echo --- Disable telemetry in data collection policy reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /d 0 /t REG_DWORD /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "LimitEnhancedDiagnosticDataWindowsAnalytics" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Disable license telemetry----------------- :: ---------------------------------------------------------- echo --- Disable license telemetry reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "NoGenTicket" /t "REG_DWORD" /d "1" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Disable error reporting------------------ :: ---------------------------------------------------------- echo --- Disable error reporting :: Disable Windows Error Reporting (WER) reg add "HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t "REG_DWORD" /d "1" /f :: DefaultConsent / 1 - Always ask (default) / 2 - Parameters only / 3 - Parameters and safe data / 4 - All data reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t REG_DWORD /d "0" /f reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t REG_DWORD /d "1" /f :: Disable WER sending second-level data reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t REG_DWORD /d "1" /f :: Disable WER crash dialogs, popups reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f schtasks /Change /TN "Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" /Disable schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable :: Disable Windows Error Reporting Service sc stop "WerSvc" & sc config "WerSvc" start=disabled sc stop "wercplsupport" & sc config "wercplsupport" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Disable devicecensus.exe (telemetry) task--------- :: ---------------------------------------------------------- echo --- Disable devicecensus.exe (telemetry) task schtasks /change /TN "Microsoft\Windows\Device Information\Device" /disable :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Disable devicecensus.exe (telemetry) process------- :: ---------------------------------------------------------- echo --- Disable devicecensus.exe (telemetry) process reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe'" /v "Debugger" /t REG_SZ /d "%windir%\System32\taskkill.exe" /f :: ---------------------------------------------------------- :: Disable sending information to Customer Experience Improvement Program echo --- Disable sending information to Customer Experience Improvement Program schtasks /change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable Application Impact Telemetry Agent task------ :: ---------------------------------------------------------- echo --- Disable Application Impact Telemetry Agent task schtasks /change /TN "Microsoft\Windows\Application Experience\AitAgent" /disable :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Disable Microsoft Compatibility Appraiser task------ :: ---------------------------------------------------------- echo --- Disable Microsoft Compatibility Appraiser task schtasks /change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable :: ---------------------------------------------------------- :: Disable CompatTelRunner.exe (Microsoft Compatibility Appraiser) process echo --- Disable CompatTelRunner.exe (Microsoft Compatibility Appraiser) process reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe'" /v "Debugger" /t REG_SZ /d "%windir%\System32\taskkill.exe" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Deny app access to location---------------- :: ---------------------------------------------------------- echo --- Deny app access to location reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /d "Deny" /f :: For older Windows (before 1903) reg add "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" /v "Status" /d "0" /t REG_DWORD /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Deny app access to account info, name, and picture---- :: ---------------------------------------------------------- echo --- Deny app access to account info, name, and picture reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /v "Value" /d "Deny" /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Deny app access to motion data-------------- :: ---------------------------------------------------------- echo --- Deny app access to motion data reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity" /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Deny app access to phone----------------- :: ---------------------------------------------------------- echo --- Deny app access to phone :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Deny app access to trusted devices------------ :: ---------------------------------------------------------- echo --- Deny app access to trusted devices :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: Deny app sync with devices (unpaired, beacons, TVs, etc.)- :: ---------------------------------------------------------- echo --- Deny app sync with devices (unpaired, beacons, TVs, etc.) :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: Deny app access to diagnostics info about your other apps- :: ---------------------------------------------------------- echo --- Deny app access to diagnostics info about your other apps reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" /v "Value" /d "Deny" /t REG_SZ /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Deny app access to your contacts------------- :: ---------------------------------------------------------- echo --- Deny app access to your contacts reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{7D7E8402-7C54-4821-A34E-AEEFD62DED93}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Deny app access to Notifications------------- :: ---------------------------------------------------------- echo --- Deny app access to Notifications reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userNotificationListener" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{52079E78-A92B-413F-B213-E8FE35712E72}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Deny app access to Calendar---------------- :: ---------------------------------------------------------- echo --- Deny app access to Calendar reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Deny app access to call history-------------- :: ---------------------------------------------------------- echo --- Deny app access to call history :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Deny app access to email----------------- :: ---------------------------------------------------------- echo --- Deny app access to email reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}" /t REG_SZ /v "Value" /d DENY /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Deny app access to tasks----------------- :: ---------------------------------------------------------- echo --- Deny app access to tasks reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /v "Value" /d "Deny" /t REG_SZ /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Deny app access to messaging (SMS / MMS)--------- :: ---------------------------------------------------------- echo --- Deny app access to messaging (SMS / MMS) reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}" /t REG_SZ /v "Value" /d "Deny" /f reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}" /t REG_SZ /v "Value" /d "Deny" /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Deny app access to radios----------------- :: ---------------------------------------------------------- echo --- Deny app access to radios reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios" /v "Value" /d "Deny" /t REG_SZ /f :: For older Windows (before 1903) reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /t REG_SZ /v "Value" /d DENY /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios_UserInControlOfTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios_ForceAllowTheseApps" /t REG_MULTI_SZ /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios_ForceDenyTheseApps" /t REG_MULTI_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Deny app access to bluetooth devices----------- :: ---------------------------------------------------------- echo --- Deny app access to bluetooth devices reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync" /v "Value" /d "Deny" /t REG_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Deny app access to Document folder------------ :: ---------------------------------------------------------- echo --- Deny app access to Document folder reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /v "Value" /d "Deny" /t REG_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Deny app access to Pictures folder------------ :: ---------------------------------------------------------- echo --- Deny app access to Pictures folder reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /v "Value" /d "Deny" /t REG_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Deny app access to Videos folder------------- :: ---------------------------------------------------------- echo --- Deny app access to Videos folder reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /v "Value" /d "Deny" /t REG_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Deny app access to other filesystem------------ :: ---------------------------------------------------------- echo --- Deny app access to other filesystem reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /v "Value" /d "Deny" /t REG_SZ /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable apps and Cortana to activate with voice------ :: ---------------------------------------------------------- echo --- Disable apps and Cortana to activate with voice reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" /v "AgentActivationEnabled" /t REG_DWORD /d 0 /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoice" /t REG_DWORD /d 2 /f :: ---------------------------------------------------------- :: Disable apps and Cortana to activate with voice when sytem is locked echo --- Disable apps and Cortana to activate with voice when sytem is locked reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" /v "AgentActivationOnLockScreenEnabled" /t REG_DWORD /d 0 /f :: Using GPO (re-activation through GUI is not possible) reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoiceAboveLock" /t REG_DWORD /d 2 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Turn off location scripting---------------- :: ---------------------------------------------------------- echo --- Turn off location scripting reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t REG_DWORD /d "1" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Turn off location--------------------- :: ---------------------------------------------------------- echo --- Turn off location reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /d "1" /t REG_DWORD /f :: For older Windows (before 1903) reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /d "0" /t REG_DWORD /f reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "Value" /t REG_SZ /d "Deny" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Do not allow search to use location------------ :: ---------------------------------------------------------- echo --- Do not allow search to use location reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable web search in search bar------------- :: ---------------------------------------------------------- echo --- Disable web search in search bar reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Disable Bing search-------------------- :: ---------------------------------------------------------- echo --- Disable Bing search reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Do not allow Cortana------------------- :: ---------------------------------------------------------- echo --- Do not allow Cortana reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Do not allow Cortana experience-------------- :: ---------------------------------------------------------- echo --- Do not allow Cortana experience reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana" /v "value" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: Do not allow search and Cortana to search cloud sources like OneDrive and SharePoint echo --- Do not allow search and Cortana to search cloud sources like OneDrive and SharePoint reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCloudSearch" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: Disable Cortana speech interaction while the system is locked echo --- Disable Cortana speech interaction while the system is locked reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortanaAboveLock" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Opt out from Cortana consent--------------- :: ---------------------------------------------------------- echo --- Opt out from Cortana consent reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "CortanaConsent" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Do not allow Cortana to be enabled------------ :: ---------------------------------------------------------- echo --- Do not allow Cortana to be enabled reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CanCortanaBeEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -Disable Cortana (Internet search results in start menu)-- :: ---------------------------------------------------------- echo --- Disable Cortana (Internet search results in start menu) reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Remove the Cortana taskbar icon-------------- :: ---------------------------------------------------------- echo --- Remove the Cortana taskbar icon reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v "ShowCortanaButton" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable Cortana in ambient mode-------------- :: ---------------------------------------------------------- echo --- Disable Cortana in ambient mode reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "CortanaInAmbientMode" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Prevent Cortana from displaying history---------- :: ---------------------------------------------------------- echo --- Prevent Cortana from displaying history reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "HistoryViewEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Prevent Cortana from using device history--------- :: ---------------------------------------------------------- echo --- Prevent Cortana from using device history reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "DeviceHistoryEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Disable "Hey Cortana" voice activation---------- :: ---------------------------------------------------------- echo --- Disable "Hey Cortana" voice activation reg add "HKCU\Software\Microsoft\Speech_OneCore\Preferences" /v "VoiceActivationOn" /t REG_DWORD /d 0 /f reg add "HKLM\Software\Microsoft\Speech_OneCore\Preferences" /v "VoiceActivationDefaultOn" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -Disable Cortana listening to commands on Windows key + C- :: ---------------------------------------------------------- echo --- Disable Cortana listening to commands on Windows key + C reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "VoiceShortcut" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable using Cortana even when device is locked----- :: ---------------------------------------------------------- echo --- Disable using Cortana even when device is locked reg add "HKCU\Software\Microsoft\Speech_OneCore\Preferences" /v "VoiceActivationEnableAboveLockscreen" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Disable automatic update of Speech Data---------- :: ---------------------------------------------------------- echo --- Disable automatic update of Speech Data reg add "HKCU\Software\Microsoft\Speech_OneCore\Preferences" /v "ModelDownloadAllowed" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Disable Cortana voice support during Windows setup---- :: ---------------------------------------------------------- echo --- Disable Cortana voice support during Windows setup reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE" /v "DisableVoice" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable search indexing encrypted items / stores----- :: ---------------------------------------------------------- echo --- Disable search indexing encrypted items / stores reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --Do not use automatic language detection when indexing--- :: ---------------------------------------------------------- echo --- Do not use automatic language detection when indexing reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AlwaysUseAutoLangDetection" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Disable ad customization with Advertising ID------- :: ---------------------------------------------------------- echo --- Disable ad customization with Advertising ID reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Turn Off Suggested Content in Settings app-------- :: ---------------------------------------------------------- echo --- Turn Off Suggested Content in Settings app reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /d "0" /t REG_DWORD /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353694Enabled" /d "0" /t REG_DWORD /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353696Enabled" /d "0" /t REG_DWORD /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Disable Windows Tips------------------- :: ---------------------------------------------------------- echo --- Disable Windows Tips reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t REG_DWORD /d "1" /f :: ---------------------------------------------------------- :: Disable Windows Spotlight (random wallpaper on lock screen) echo --- Disable Windows Spotlight (random wallpaper on lock screen) reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t "REG_DWORD" /d "1" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Disable Microsoft consumer experiences---------- :: ---------------------------------------------------------- echo --- Disable Microsoft consumer experiences reg add "HKLM\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t "REG_DWORD" /d "1" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable Windows Insider Service-------------- :: ---------------------------------------------------------- echo --- Disable Windows Insider Service sc stop "wisvc" & sc config "wisvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Do not let Microsoft try features on this build------ :: ---------------------------------------------------------- echo --- Do not let Microsoft try features on this build reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableExperimentation" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableConfigFlighting" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" /v "value" /t "REG_DWORD" /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Disable getting preview builds of Windows--------- :: ---------------------------------------------------------- echo --- Disable getting preview builds of Windows reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "AllowBuildPreview" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Disable all settings sync----------------- :: ---------------------------------------------------------- echo --- Disable all settings sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSyncUserOverride" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSyncOnPaidNetwork" /t REG_DWORD /d 1 /f reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" /v "SyncPolicy" /t REG_DWORD /d 5 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable Application Setting Sync------------- :: ---------------------------------------------------------- echo --- Disable Application Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable App Sync Setting Sync--------------- :: ---------------------------------------------------------- echo --- Disable App Sync Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable Credentials Setting Sync------------- :: ---------------------------------------------------------- echo --- Disable Credentials Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSyncUserOverride" /t REG_DWORD /d 1 /f reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials" /v "Enabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable Desktop Theme Setting Sync------------ :: ---------------------------------------------------------- echo --- Disable Desktop Theme Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Disable Personalization Setting Sync----------- :: ---------------------------------------------------------- echo --- Disable Personalization Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable Start Layout Setting Sync------------- :: ---------------------------------------------------------- echo --- Disable Start Layout Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable Web Browser Setting Sync------------- :: ---------------------------------------------------------- echo --- Disable Web Browser Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Disable Windows Setting Sync--------------- :: ---------------------------------------------------------- echo --- Disable Windows Setting Sync reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSync" /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSyncUserOverride" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable Language Setting Sync--------------- :: ---------------------------------------------------------- echo --- Disable Language Setting Sync reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /t REG_DWORD /v "Enabled" /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable NET Core CLI telemetry-------------- :: ---------------------------------------------------------- echo --- Disable NET Core CLI telemetry setx DOTNET_CLI_TELEMETRY_OPTOUT 1 :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable PowerShell 7+ telemetry-------------- :: ---------------------------------------------------------- echo --- Disable PowerShell 7+ telemetry setx POWERSHELL_TELEMETRY_OPTOUT 1 :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable Google update service--------------- :: ---------------------------------------------------------- echo --- Disable Google update service sc stop "gupdate" & sc config "gupdate" start=disabled sc stop "gupdatem" & sc config "gupdatem" start=disabled schtasks /change /disable /tn "GoogleUpdateTaskMachineCore" schtasks /change /disable /tn "GoogleUpdateTaskMachineUA" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Disable Adobe Acrobat update service----------- :: ---------------------------------------------------------- echo --- Disable Adobe Acrobat update service sc stop "AdobeARMservice" & sc config "AdobeARMservice" start=disabled sc stop "adobeupdateservice" & sc config "adobeupdateservice" start=disabled sc stop "adobeflashplayerupdatesvc" & sc config "adobeflashplayerupdatesvc" start=disabled schtasks /change /tn "Adobe Acrobat Update Task" /disable schtasks /change /tn "Adobe Flash Player Updater" /disable :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable Razer Game Scanner Service------------ :: ---------------------------------------------------------- echo --- Disable Razer Game Scanner Service sc stop "Razer Game Scanner Service" & sc config "Razer Game Scanner Service" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Disable Logitech Gaming Registry Service--------- :: ---------------------------------------------------------- echo --- Disable Logitech Gaming Registry Service sc stop "LogiRegistryService" & sc config "LogiRegistryService" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Disable Dropbox auto update service------------ :: ---------------------------------------------------------- echo --- Disable Dropbox auto update service sc stop "dbupdate" & sc config "dbupdate" start=disabled sc stop "dbupdatem" & sc config "dbupdatem" start=disabled schtasks /Change /DISABLE /TN "DropboxUpdateTaskMachineCore" schtasks /Change /DISABLE /TN "DropboxUpdateTaskMachineUA" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable visual studio telemetry-------------- :: ---------------------------------------------------------- echo --- Disable visual studio telemetry reg add "HKCU\Software\Microsoft\VisualStudio\Telemetry" /v "TurnOffSwitch" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable Visual Studio feedback-------------- :: ---------------------------------------------------------- echo --- Disable Visual Studio feedback reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableFeedbackDialog" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableEmailInput" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\VisualStudio\Feedback" /v "DisableScreenshotCapture" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: Stop and disable Visual Studio Standard Collector Service- :: ---------------------------------------------------------- echo --- Stop and disable Visual Studio Standard Collector Service sc stop "VSStandardCollectorService150" & sc config "VSStandardCollectorService150" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Disable SQM OS key-------------------- :: ---------------------------------------------------------- echo --- Disable SQM OS key if %PROCESSOR_ARCHITECTURE%==x86 ( REM is 32 bit? reg add "HKLM\SOFTWARE\Microsoft\VSCommon\14.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\VSCommon\15.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\VSCommon\16.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f ) else ( reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\14.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\16.0\SQM" /v "OptIn" /t REG_DWORD /d 0 /f ) :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Disable SQM group policy----------------- :: ---------------------------------------------------------- echo --- Disable SQM group policy reg add "HKLM\Software\Policies\Microsoft\VisualStudio\SQM" /v "OptIn" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Do not send Watson events----------------- :: ---------------------------------------------------------- echo --- Do not send Watson events reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericReports" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: Disable Malicious Software Reporting tool diagnostic data- :: ---------------------------------------------------------- echo --- Disable Malicious Software Reporting tool diagnostic data reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: Disable local setting override for reporting to Microsoft MAPS echo --- Disable local setting override for reporting to Microsoft MAPS reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Turn off Windows Defender SpyNet reporting-------- :: ---------------------------------------------------------- echo --- Turn off Windows Defender SpyNet reporting reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Do not send file samples for further analysis------- :: ---------------------------------------------------------- echo --- Do not send file samples for further analysis reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Uninstall NVIDIA telemetry tasks------------- :: ---------------------------------------------------------- echo --- Uninstall NVIDIA telemetry tasks if exist "%ProgramFiles%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL" ( rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetryContainer rundll32 "%PROGRAMFILES%\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage NvTelemetry ) :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Delete NVIDIA residual telemetry files---------- :: ---------------------------------------------------------- echo --- Delete NVIDIA residual telemetry files del /s %SystemRoot%\System32\DriverStore\FileRepository\NvTelemetry*.dll rmdir /s /q "%ProgramFiles(x86)%\NVIDIA Corporation\NvTelemetry" 2>nul rmdir /s /q "%ProgramFiles%\NVIDIA Corporation\NvTelemetry" 2>nul :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Opt out from NVIDIA telemetry--------------- :: ---------------------------------------------------------- echo --- Opt out from NVIDIA telemetry reg add "HKLM\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client" /v "OptInOrOutPreference" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID44231" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID64640" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\NVIDIA Corporation\Global\FTS" /v "EnableRID66610" /t REG_DWORD /d 0 /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\Startup" /v "SendTelemetryData" /t REG_DWORD /d 0 /f reg add "HKLM\SYSTEM\CurrentControlSet\services\NvTelemetryContainer" /v "Start" /t REG_DWORD /d 4 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable NVIDIA telemetry services------------- :: ---------------------------------------------------------- echo --- Disable NVIDIA telemetry services schtasks /change /TN NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /DISABLE schtasks /change /TN NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /DISABLE schtasks /change /TN NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} /DISABLE :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Disable Visual Studio Code telemetry----------- :: ---------------------------------------------------------- echo --- Disable Visual Studio Code telemetry PowerShell -ExecutionPolicy Unrestricted -Command "$jsonfile = \"$env:APPDATA\Code\User\settings.json\"; if (!(Test-Path $jsonfile -PathType Leaf)) { Write-Host \"No updates. Settings file was not at $jsonfile\"; exit 0; } $json = Get-Content $jsonfile | Out-String | ConvertFrom-Json; $json | Add-Member -Type NoteProperty -Name 'telemetry.enableTelemetry' -Value $false -Force; $json | ConvertTo-Json | Set-Content $jsonfile;" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Disable Visual Studio Code crash reporting-------- :: ---------------------------------------------------------- echo --- Disable Visual Studio Code crash reporting PowerShell -ExecutionPolicy Unrestricted -Command "$jsonfile = \"$env:APPDATA\Code\User\settings.json\"; if (!(Test-Path $jsonfile -PathType Leaf)) { Write-Host \"No updates. Settings file was not at $jsonfile\"; exit 0; } $json = Get-Content $jsonfile | Out-String | ConvertFrom-Json; $json | Add-Member -Type NoteProperty -Name 'telemetry.enableCrashReporter' -Value $false -Force; $json | ConvertTo-Json | Set-Content $jsonfile;" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Do not run Microsoft online experiments---------- :: ---------------------------------------------------------- echo --- Do not run Microsoft online experiments PowerShell -ExecutionPolicy Unrestricted -Command "$jsonfile = \"$env:APPDATA\Code\User\settings.json\"; if (!(Test-Path $jsonfile -PathType Leaf)) { Write-Host \"No updates. Settings file was not at $jsonfile\"; exit 0; } $json = Get-Content $jsonfile | Out-String | ConvertFrom-Json; $json | Add-Member -Type NoteProperty -Name 'workbench.enableExperiments' -Value $false -Force; $json | ConvertTo-Json | Set-Content $jsonfile;" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Disable Microsoft Office logging------------- :: ---------------------------------------------------------- echo --- Disable Microsoft Office logging reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Disable client telemetry----------------- :: ---------------------------------------------------------- echo --- Disable client telemetry reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Customer Experience Improvement Program---------- :: ---------------------------------------------------------- echo --- Customer Experience Improvement Program reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------Disable feedback--------------------- :: ---------------------------------------------------------- echo --- Disable feedback reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Disable telemetry agent------------------ :: ---------------------------------------------------------- echo --- Disable telemetry agent schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /DISABLE schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /DISABLE schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /DISABLE schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /DISABLE :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable live tile data collection------------- :: ---------------------------------------------------------- echo --- Disable live tile data collection reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main" /v "PreventLiveTileDataCollection" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Disable MFU tracking------------------- :: ---------------------------------------------------------- echo --- Disable MFU tracking reg add "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /v "DisableMFUTracking" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Disable recent apps-------------------- :: ---------------------------------------------------------- echo --- Disable recent apps reg add "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /v "DisableRecentApps" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Turn off backtracking------------------- :: ---------------------------------------------------------- echo --- Turn off backtracking reg add "HKCU\Software\Policies\Microsoft\Windows\EdgeUI" /v "TurnOffBackstack" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable Search Suggestions in Edge------------ :: ---------------------------------------------------------- echo --- Disable Search Suggestions in Edge reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\SearchScopes" /v "ShowSearchSuggestionsGlobal" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: Disable Edge usage and crash-related data reporting (shows "Your browser is managed") echo --- Disable Edge usage and crash-related data reporting (shows "Your browser is managed") reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: Disable sending site information (shows "Your browser is managed") echo --- Disable sending site information (shows "Your browser is managed") reg add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "SendSiteInfoToImproveServices" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Disable Geolocation in Internet Explorer--------- :: ---------------------------------------------------------- echo --- Disable Geolocation in Internet Explorer reg add "HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation" /v "PolicyDisableGeolocation" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Disable Internet Explorer InPrivate logging-------- :: ---------------------------------------------------------- echo --- Disable Internet Explorer InPrivate logging reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Safety\PrivacIE" /v "DisableLogging" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable Internet Explorer CEIP-------------- :: ---------------------------------------------------------- echo --- Disable Internet Explorer CEIP reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\SQM" /v "DisableCustomerImprovementProgram" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------Disable calling legacy WCM policies------------ :: ---------------------------------------------------------- echo --- Disable calling legacy WCM policies reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "CallLegacyWCMPolicies" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Disable SSLv3 fallback------------------ :: ---------------------------------------------------------- echo --- Disable SSLv3 fallback reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "EnableSSL3Fallback" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Disable ignoring cert errors--------------- :: ---------------------------------------------------------- echo --- Disable ignoring cert errors reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "PreventIgnoreCertErrors" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Disable Chrome Software Reporter Tool----------- :: ---------------------------------------------------------- echo --- Disable Chrome Software Reporter Tool icacls "%localappdata%\Google\Chrome\User Data\SwReporter" /inheritance:r /deny "*S-1-1-0:(OI)(CI)(F)" "*S-1-5-7:(OI)(CI)(F)" cacls "%localappdata%\Google\Chrome\User Data\SwReporter" /e /c /d %username% reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d 1 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "software_reporter_tool.exe" /f :: ---------------------------------------------------------- :: Disable Chrome metrics reporting (shows "Your browser is managed") echo --- Disable Chrome metrics reporting (shows "Your browser is managed") reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "MetricsReportingEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: Do not share scanned software data to Google (shows "Your browser is managed") echo --- Do not share scanned software data to Google (shows "Your browser is managed") reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupReportingEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: Prevent Chrome from scanning the system for cleanup (shows "Your browser is managed") echo --- Prevent Chrome from scanning the system for cleanup (shows "Your browser is managed") reg add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "ChromeCleanupEnabled" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Disable Firefox metrics reporting------------- :: ---------------------------------------------------------- echo --- Disable Firefox metrics reporting reg add HKLM\SOFTWARE\Policies\Mozilla\Firefox /v DisableTelemetry /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Disable default browser agent reporting policy------ :: ---------------------------------------------------------- echo --- Disable default browser agent reporting policy reg add HKLM\SOFTWARE\Policies\Mozilla\Firefox /v DisableDefaultBrowserAgent /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable default browser agent reporting services----- :: ---------------------------------------------------------- echo --- Disable default browser agent reporting services schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" schtasks.exe /change /disable /tn "\Mozilla\Firefox Default Browser Agent D2CEEC440E2074BD" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Do not send Windows Media Player statistics-------- :: ---------------------------------------------------------- echo --- Do not send Windows Media Player statistics reg add "HKCU\SOFTWARE\Microsoft\MediaPlayer\Preferences" /v "UsageTracking" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Disable metadata retrieval---------------- :: ---------------------------------------------------------- echo --- Disable metadata retrieval reg add "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventCDDVDMetadataRetrieval" /t REG_DWORD /d 1 /f reg add "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventMusicFileMetadataRetrieval" /t REG_DWORD /d 1 /f reg add "HKCU\Software\Policies\Microsoft\WindowsMediaPlayer" /v "PreventRadioPresetsRetrieval" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---Disable Windows Media Player Network Sharing Service--- :: ---------------------------------------------------------- echo --- Disable Windows Media Player Network Sharing Service sc stop "WMPNetworkSvc" & sc config "WMPNetworkSvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable administrative shares--------------- :: ---------------------------------------------------------- echo --- Disable administrative shares reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Disable AutoPlay and AutoRun--------------- :: ---------------------------------------------------------- echo --- Disable AutoPlay and AutoRun :: 255 (0xff) means all drives reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 255 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAutorun" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoAutoplayfornonVolume" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Disable remote Assistance----------------- :: ---------------------------------------------------------- echo --- Disable remote Assistance reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v "fAllowToGetHelp" /t REG_DWORD /d 0 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v "fAllowFullControl" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Disable lock screen camera---------------- :: ---------------------------------------------------------- echo --- Disable lock screen camera reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreenCamera" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -Prevent the storage of the LAN Manager hash of passwords- :: ---------------------------------------------------------- echo --- Prevent the storage of the LAN Manager hash of passwords reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "NoLMHash" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: Disable Windows Installer Always install with elevated privileges echo --- Disable Windows Installer Always install with elevated privileges reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer" /v "AlwaysInstallElevated" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Prevent WinRM from using Basic Authentication------- :: ---------------------------------------------------------- echo --- Prevent WinRM from using Basic Authentication reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client" /v "AllowBasic" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Restrict anonymous enumeration of shares--------- :: ---------------------------------------------------------- echo --- Restrict anonymous enumeration of shares reg add "HKLM\SYSTEM\CurrentControlSet\Control\LSA" /v "RestrictAnonymous" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Refuse less secure authentication------------- :: ---------------------------------------------------------- echo --- Refuse less secure authentication reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" /t REG_DWORD /d 5 /f :: ---------------------------------------------------------- :: Enable Structured Exception Handling Overwrite Protection (SEHOP) echo --- Enable Structured Exception Handling Overwrite Protection (SEHOP) reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Block Anonymous enumeration of SAM accounts-------- :: ---------------------------------------------------------- echo --- Block Anonymous enumeration of SAM accounts reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "RestrictAnonymousSAM" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---Restrict anonymous access to Named Pipes and Shares---- :: ---------------------------------------------------------- echo --- Restrict anonymous access to Named Pipes and Shares reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters" /v "RestrictNullSessAccess" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Disable the Windows Connect Now wizard---------- :: ---------------------------------------------------------- echo --- Disable the Windows Connect Now wizard reg add "HKLM\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableFlashConfigRegistrar" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableInBand802DOT11Registrar" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Disable unsafe SMBv1 protocol--------------- :: ---------------------------------------------------------- echo --- Disable unsafe SMBv1 protocol dism /online /Disable-Feature /FeatureName:"SMB1Protocol" /NoRestart dism /Online /Disable-Feature /FeatureName:"SMB1Protocol-Client" /NoRestart dism /Online /Disable-Feature /FeatureName:"SMB1Protocol-Server" /NoRestart :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Disable PowerShell 2.0 against downgrade attacks----- :: ---------------------------------------------------------- echo --- Disable PowerShell 2.0 against downgrade attacks dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2Root" /NoRestart dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2" /NoRestart :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Disable lock screen app notifications----------- :: ---------------------------------------------------------- echo --- Disable lock screen app notifications reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "DisableLockScreenAppNotifications" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Disable Live Tiles push notifications----------- :: ---------------------------------------------------------- echo --- Disable Live Tiles push notifications reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoTileApplicationNotification" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Turn off "Look For An App In The Store" option------ :: ---------------------------------------------------------- echo --- Turn off "Look For An App In The Store" option reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "NoUseStoreOpenWith" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Disable online tips-------------------- :: ---------------------------------------------------------- echo --- Disable online tips reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "AllowOnlineTips" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------Turn off Internet File Association service-------- :: ---------------------------------------------------------- echo --- Turn off Internet File Association service reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInternetOpenWith" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Turn off the "Order Prints" picture task--------- :: ---------------------------------------------------------- echo --- Turn off the "Order Prints" picture task reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoOnlinePrintsWizard" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Disable the file and folder Publish to Web option----- :: ---------------------------------------------------------- echo --- Disable the file and folder Publish to Web option reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoPublishingWizard" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---Prevent downloading a list of providers for wizards---- :: ---------------------------------------------------------- echo --- Prevent downloading a list of providers for wizards reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoWebServices" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Delivery Optimization (P2P Windows Updates)-------- :: ---------------------------------------------------------- echo --- Delivery Optimization (P2P Windows Updates) sc stop "DoSvc" & sc config "DoSvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Microsoft Windows Live ID Service------------- :: ---------------------------------------------------------- echo --- Microsoft Windows Live ID Service sc stop "wlidsvc" & sc config "wlidsvc" start=demand :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Program Compatibility Assistant Service---------- :: ---------------------------------------------------------- echo --- Program Compatibility Assistant Service sc stop "PcaSvc" & sc config "PcaSvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------Downloaded Maps Manager------------------ :: ---------------------------------------------------------- echo --- Downloaded Maps Manager sc stop "MapsBroker" & sc config "MapsBroker" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Microsoft Retail Demo experience------------- :: ---------------------------------------------------------- echo --- Microsoft Retail Demo experience sc stop "RetailDemo" & sc config "RetailDemo" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Windows Push Notification Service------------- :: ---------------------------------------------------------- echo --- Windows Push Notification Service sc stop "WpnService" & sc config "WpnService" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Xbox Live Auth Manager------------------ :: ---------------------------------------------------------- echo --- Xbox Live Auth Manager sc stop "XblAuthManager" & sc config "XblAuthManager" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Xbox Live Game Save-------------------- :: ---------------------------------------------------------- echo --- Xbox Live Game Save sc stop "XblGameSave" & sc config "XblGameSave" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Xbox Live Networking Service--------------- :: ---------------------------------------------------------- echo --- Xbox Live Networking Service sc stop "XboxNetApiSvc" & sc config "XboxNetApiSvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Uninstall Cortana app------------------- :: ---------------------------------------------------------- echo --- Uninstall Cortana app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.549981C3F5F10' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------Feedback Hub app--------------------- :: ---------------------------------------------------------- echo --- Feedback Hub app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.WindowsFeedbackHub' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------Windows Maps app--------------------- :: ---------------------------------------------------------- echo --- Windows Maps app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.WindowsMaps' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------MSN Weather app---------------------- :: ---------------------------------------------------------- echo --- MSN Weather app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.BingWeather' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------------MSN Sports app---------------------- :: ---------------------------------------------------------- echo --- MSN Sports app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.BingSports' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----------------------MSN News app----------------------- :: ---------------------------------------------------------- echo --- MSN News app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.BingNews' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------------MSN Money app----------------------- :: ---------------------------------------------------------- echo --- MSN Money app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.BingFinance' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------------My Office app----------------------- :: ---------------------------------------------------------- echo --- My Office app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.MicrosoftOfficeHub' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Xbox Console Companion app---------------- :: ---------------------------------------------------------- echo --- Xbox Console Companion app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxApp' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Xbox Live in-game experience app------------- :: ---------------------------------------------------------- echo --- Xbox Live in-game experience app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.Xbox.TCUI' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------Xbox Game Bar app--------------------- :: ---------------------------------------------------------- echo --- Xbox Game Bar app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxGamingOverlay' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Xbox Game Bar Plugin appcache--------------- :: ---------------------------------------------------------- echo --- Xbox Game Bar Plugin appcache PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxGameOverlay' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Xbox Identity Provider app---------------- :: ---------------------------------------------------------- echo --- Xbox Identity Provider app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxIdentityProvider' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------Xbox Speech To Text Overlay app-------------- :: ---------------------------------------------------------- echo --- Xbox Speech To Text Overlay app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.XboxSpeechToTextOverlay' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Microsoft Advertising app----------------- :: ---------------------------------------------------------- echo --- Microsoft Advertising app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.Advertising.Xaml' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------------Network Speed Test app------------------ :: ---------------------------------------------------------- echo --- Network Speed Test app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.NetworkSpeedTest' | Remove-AppxPackage" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------------Holographic First Run app----------------- :: ---------------------------------------------------------- echo --- Holographic First Run app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.Holographic.FirstRun'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Windows 10 Family Safety / Parental Controls app----- :: ---------------------------------------------------------- echo --- Windows 10 Family Safety / Parental Controls app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.ParentalControls'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------------------Windows Feedback app------------------- :: ---------------------------------------------------------- echo --- Windows Feedback app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.WindowsFeedback'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------CBS Preview app---------------------- :: ---------------------------------------------------------- echo --- CBS Preview app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Windows.CBSPreview'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------------Clear Java cache--------------------- :: ---------------------------------------------------------- echo --- Clear Java cache rd /s /q "%APPDATA%\Sun\Java\Deployment\cache" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Disable active probing (pings to MSFT NCSI server)---- :: ---------------------------------------------------------- echo --- Disable active probing (pings to MSFT NCSI server) reg add "HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet" /v "EnableActiveProbing" /t REG_DWORD /d "0" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --Disable "Disable apps to improve performance" reminder-- :: ---------------------------------------------------------- echo --- Disable "Disable apps to improve performance" reminder schtasks /change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /disable :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -Disable device metadata retrieval (breaks auto updates)-- :: ---------------------------------------------------------- echo --- Disable device metadata retrieval (breaks auto updates) reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Do not include drivers with Windows Updates-------- :: ---------------------------------------------------------- echo --- Do not include drivers with Windows Updates reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Prevent Windows Update for device driver search------ :: ---------------------------------------------------------- echo --- Prevent Windows Update for device driver search reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t REG_DWORD /d 0 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------------Do not allow the use of biometrics------------ :: ---------------------------------------------------------- echo --- Do not allow the use of biometrics reg add "HKLM\SOFTWARE\Policies\Microsoft\Biometrics" /v "Enabled" /t REG_DWORD /d "0" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ------Do not allow users to log on using biometrics------- :: ---------------------------------------------------------- echo --- Do not allow users to log on using biometrics reg add "HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider" /v "Enabled" /t "REG_DWORD" /d "0" /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Do not start Windows Biometric Service---------- :: ---------------------------------------------------------- echo --- Do not start Windows Biometric Service reg add "HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc" /v "Start" /t REG_DWORD /d 4 /f sc stop "WbioSrvc" & sc config "WbioSrvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Do not show recently used files in Quick Access------ :: ---------------------------------------------------------- echo --- Do not show recently used files in Quick Access reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /d 0 /t "REG_DWORD" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}" /f if not %PROCESSOR_ARCHITECTURE%==x86 ( REM is 64 bit? reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\HomeFolderDesktop\NameSpace\DelegateFolders\{3134ef9c-6b18-4996-ad04-ed5912e00eb5}" /f ) :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Do not keep history of recently opened documents----- :: ---------------------------------------------------------- echo --- Do not keep history of recently opened documents reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoRecentDocsHistory" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Clear history of recently opened documents on exit---- :: ---------------------------------------------------------- echo --- Clear history of recently opened documents on exit reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "ClearRecentDocsOnExit" /t REG_DWORD /d 1 /f :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------User Data Storage (UnistoreSvc) Service---------- :: ---------------------------------------------------------- echo --- User Data Storage (UnistoreSvc) Service sc stop "UnistoreSvc" & sc config "UnistoreSvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----------Sync Host (OneSyncSvc) Service Service---------- :: ---------------------------------------------------------- echo --- Sync Host (OneSyncSvc) Service Service sc stop "OneSyncSvc" & sc config "OneSyncSvc" start=disabled :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------------App Connector app--------------------- :: ---------------------------------------------------------- echo --- App Connector app PowerShell -ExecutionPolicy Unrestricted -Command "Get-AppxPackage 'Microsoft.Appconnector' | Remove-AppxPackage" :: ---------------------------------------------------------- :: Microsoft AAD Broker Plugin app (breaks Office app authentication) echo --- Microsoft AAD Broker Plugin app (breaks Office app authentication) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.AAD.BrokerPlugin'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---Bio enrollment app (breaks biometric authentication)--- :: ---------------------------------------------------------- echo --- Bio enrollment app (breaks biometric authentication) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.BioEnrollment'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Microsoft Edge (Legacy) app---------------- :: ---------------------------------------------------------- echo --- Microsoft Edge (Legacy) app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.MicrosoftEdge'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -------Microsoft Edge (Legacy) Dev Tools Client app------- :: ---------------------------------------------------------- echo --- Microsoft Edge (Legacy) Dev Tools Client app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.MicrosoftEdgeDevToolsClient'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: -----Win32 Web View Host app / Desktop App Web Viewer----- :: ---------------------------------------------------------- echo --- Win32 Web View Host app / Desktop App Web Viewer PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Win32WebViewHost'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------------Microsoft PPI Projection app--------------- :: ---------------------------------------------------------- echo --- Microsoft PPI Projection app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.PPIProjection'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: Cloud Experience Host app (breaks Microsoft cloud/corporate sign in) echo --- Cloud Experience Host app (breaks Microsoft cloud/corporate sign in) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.CloudExperienceHost'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: Content Delivery Manager app (automatically installs apps) echo --- Content Delivery Manager app (automatically installs apps) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.ContentDeliveryManager'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: My People / People Bar App on taskbar (People Experience Host) echo --- My People / People Bar App on taskbar (People Experience Host) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.PeopleExperienceHost'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --------------Secondary Tile Experience app--------------- :: ---------------------------------------------------------- echo --- Secondary Tile Experience app PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.SecondaryTileExperience'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: Secure Assessment Browser app (breaks Microsoft Intune/Graph) echo --- Secure Assessment Browser app (breaks Microsoft Intune/Graph) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.Windows.SecureAssessmentBrowser'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ----Xbox Game Callable UI app (breaks Xbox Live games)---- :: ---------------------------------------------------------- echo --- Xbox Game Callable UI app (breaks Xbox Live games) PowerShell -ExecutionPolicy Unrestricted -Command "$package = (Get-AppxPackage -AllUsers 'Microsoft.XboxGameCallableUI'); if (!$package) { Write-Host 'Not installed'; exit 0; } $directories = @($package.InstallLocation, \"$env:LOCALAPPDATA\Packages\$($package.PackageFamilyName)\"); foreach($dir in $directories) { if ( !$dir -Or !(Test-Path \"$dir\") ) { continue; } cmd /c ('takeown /f \"' + $dir + '\" /r /d y 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } cmd /c ('icacls \"' + $dir + '\" /grant administrators:F /t 1> nul'); if($LASTEXITCODE) { throw 'Failed to take ownership'; } $files = Get-ChildItem -File -Path $dir -Recurse -Force; foreach($file in $files) { if($file.Name.EndsWith('.OLD')) { continue; } $newName = $file.FullName + '.OLD'; Write-Host \"Rename '$($file.FullName)' to '$newName'\"; Move-Item -LiteralPath \"$($file.FullName)\" -Destination \"$newName\" -Force; } }" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: --OneSync capability (breaks Mail, People, and Calendar)-- :: ---------------------------------------------------------- echo --- OneSync capability (breaks Mail, People, and Calendar) PowerShell -ExecutionPolicy Unrestricted -Command "Get-WindowsCapability -Online -Name 'OneCoreUAP.OneSync*' | Remove-WindowsCapability -Online" :: ---------------------------------------------------------- :: ---------------------------------------------------------- :: ---------Change NTP (time) server to pool.ntp.org--------- :: ---------------------------------------------------------- echo --- Change NTP (time) server to pool.ntp.org :: Configure time source w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" :: Stop time service if running SC queryex "w32time"|Find "STATE"|Find /v "RUNNING">Nul||( net stop w32time ) :: Start time service and sync now net start w32time w32tm /config /update w32tm /resync :: ---------------------------------------------------------- pause exit /b 0