Windows 10 is surprisingly fun to use. It’s like they took Windows 7 and Windows 8.1 and combined the two. They didn’t get it all right though. This article contains some tips you should probably know when you start using it.

The Problem With Windows 10

Microsoft have cleaned hows and got rid of their QA staff so that you, a customer in production environments can test their patches.

Microsoft thinks they know more about what your IT environment needs are than you do. They also take liberties with updating incorrect drivers and turn up the collection of data.

Windows 10 Data Collection

  1. Windows 10 is more social than previous versions. Therefore, they want to mine user data for the purpose of making the operating system more personalized.
  2. They want to collect data about user’s habits and usage patterns, regardless of whether applications that normally collect data are open or not. They say they want to improve the diagnostics and troubleshooting process.
  3. They want to attempt to decentralize Windows updates a little more so other computers running windows 10 can help crowd source updates in a peer to peer manner.

These features are enabled by default in all Windows 10 editions. This is a problem for nearly everyone due to the risk of data exposure to Microsoft and which ever 3rd parties they want to sell us out to.

Let’s see what we can do to stop the bleeding.

How Do I Know Which Version of Windows 10 I’m Running?

In the search box on the bottom left, type winver and press Enter. This opens the About Windows dialog box, where you’ll see the version that’s running on your device.

Prevent Automatic Driver Downloads

You can also prevent drivers from being automatically installed by following these steps [From Reddit]:

  1. Open the Control Panel by right-clicking the Start button and selecting Control Panel.
  2. Navigate to System and Security > System > Advanced system settings.
  3. Click the Hardware tab, click Device Installation Settings, and select the “No, let me choose what to do” option.
  4. Select “Never install driver software from Windows Update.”
  5. Hit Save Changes.
  6. Continue to Driver and Software Uninstall.

Another sourceHow to temporarily prevent a Windows or driver update from reinstalling in Windows 10 on Microsoft Support.

Disable Spying

If you use a Windows 10 privacy tools and disable some of the telemetry, you should know the registry entries you would be changing. Policy locations will also be provided as necessary.

Telemetry Services

  1. Connected User Experience and Telemetry (DiagTrack)
  2. Dmwappushsvc (dmwappushservice)
  • Note – You can disabled this in Settings > Privacy > Feedback & diagnostics. Basic under “Diagnostic and usage data” for home users.

Telemetry Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry
  • Policy – Allow Telemetry.
  • Location – Administrative Templates | Windows Components | Data Collection and Preview Builds – set to Enabled and Options to “0 – Off [Enterprise Only]”.

Picture Password Sign in

  • Policy – Turn off picture password sign in.
  • Location – Administrative Templates | System | Logon – set to Enabled.

PIN Sign in

  • Policy – Turn on PIN sign in.
  • Location – Administrative Templates | System | Logon – set to Enabled.
  • Note – Enabled provided the PIN is long enough.

Microsoft Passport

  • Policy – Use Microsoft Passport for Work.
  • Location – Administrative Templates | Windows Components | Microsoft Passport for Work – set to Disabled.
  • Note – Used with biometrics and PINs.

Consumer Experience Improvement Program (CEIP) Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable

Consumer Experience Improvement Program (CEIP) Scheduled Tasks

  1. Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
  2. Microsoft\Windows\Application Experience\ProgramDataUpdater
  3. Microsoft\Windows\Autochk\Proxy
  4. Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
  5. Microsoft\Windows\Customer Experience Improvement Program\Consolidator

Application Impact Telemetry (AIT) Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat\AITEnable
  • Policy – Turn off Application Telemetry.
  • Location – Administrative Templates | Windows Components | Application Compatibility – set to Enabled.

Steps Recorder Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat\DisableUAR

WiFi Sense (HotSpot Sharing) Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting\value
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots\value

Apps Use Advertising ID

  1. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo\Enabled
  • Policy – Turn off the Advertising ID.
  • Location – Administrative Templates | System | User Profiles – set to Enabled.

P2P Windows Updates Outside Local Network

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode
  2. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\SystemSettingsDownloadMode
  • Policy – DownloadMode.
  • Location – Preferences | Windows Settings | Registry.
  • Note – Key created with Replace action. Value type of Config key is REG_DWORD and the value is 0. Check setting “Remove this item when it is no longer applied” on the Common tab. This should be checked. You can also disabled this by going to Settings > Update & security > Windows Update > Advanced options > Choose how updates are delivered. You’re looking for distributed updates.

Microsoft Accounts

  • Policy – Accounts: Block Microsoft Accounts.
  • Location – Windows Settings | Security Settings | Local Policies | Security Options – “Define this policy setting” and choose “Users can’t add or log on with Microsoft Accounts”.
  • Note – You can switch to a local account by going to Settings > Accounts > Sign in with a local account instead.

Web Search Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Search\DisableWebSearch
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Search\ConnectedSearchUseWeb
  3. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Search\ConnectedSearchUseWebOverMeteredConnections

Cortana Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana\value
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortana
  • Policy – Allow input personalization.
  • Location – Administrative Templates | Control Panel | Regional and Language Options – set to Disabled.
  • Note – Disables Cortana search, collection of speech, collection of handwriting patterns, collection of typing history, collection of contacts, and collection of calendar information. Also called “Getting to know you.” You can disabled this in the Privacy menu in Settings.
  • Policy – Allow Cortana.
  • Location – Administrative Templates | Windows Components | Search – set to Disabled.

OneDrive Service

  1. Sync Host (OneSyncSvc)
  2. Sync Host_Session1 (OneSyncSvc_Session1)

Note: Do not stop these services if you use Windows Mail app.

OneDrive Group Policy

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive\DisableFileSyncNGSC

Remote Registry Service

  1. RemoteRegistry

Office 15 (2013) Telemetry Group Policy

  1. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\15.0\osm\enablelogging
  2. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\15.0\osm\enablefileobfuscation
  3. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\15.0\osm\enableupload

Office 15 (2013) Telemetry Scheduled Tasks

  1. Microsoft\Office\OfficeTelemtryAgentFallBack
  2. Microsoft\Office\OfficeTelemetryAgentLogOn

Office 16 (2016) Telemetry Group Policy

  1. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\osm\enablelogging
  2. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\osm\enablefileobfuscation
  3. HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\osm\enableupload

Office 16 (2016) Telemetry Scheduled Tasks

  1. Microsoft\Office\OfficeTelemetryAgentFallBack2016
  2. Microsoft\Office\OfficeTelemetryAgentLogOn2016

Additional Reading on Windows 10 Privacy Settings

Pin It on Pinterest