Windows 10 New Admin Info

Windows 10 is surprisingly fun to use. It’s like they took Windows 7 and Windows 8.1 and combined the two. They didn’t get it all right though. This article contains some tips you should probably know when you start using it.

Table of Contents

The Problem With Windows 10

Microsoft have cleaned hows and got rid of their QA staff so that you, a customer in production environments can test their patches.

Microsoft thinks they know more about what your IT environment needs are than you do. They also take liberties with updating incorrect drivers and turn up the collection of data.

Windows 10 Data Collection

Windows 10 is more social than previous versions. Therefore, they want to mine user data for the purpose of making the operating system more personalized.
They want to collect data about user’s habits and usage patterns, regardless of whether applications that normally collect data are open or not. They say they want to improve the diagnostics and troubleshooting process.
They want to attempt to decentralize Windows updates a little more so other computers running windows 10 can help crowd source updates in a peer to peer manner.

These features are enabled by default in all Windows 10 editions. This is a problem for nearly everyone due to the risk of data exposure to Microsoft and which ever 3rd parties they want to sell us out to.

Let’s see what we can do to stop the bleeding.

How Do I Know Which Version of Windows 10 I’m Running?

In the search box on the bottom left, type winver and press Enter. This opens the About Windows dialog box, where you’ll see the version that’s running on your device.

Prevent Automatic Driver Downloads

You can also prevent drivers from being automatically installed by following these steps [From Reddit]:

Open the Control Panel by right-clicking the Start button and selecting Control Panel.
Navigate to System and Security > System > Advanced system settings.
Click the Hardware tab, click Device Installation Settings, and select the “No, let me choose what to do” option.
Select “Never install driver software from Windows Update.”
Hit Save Changes.
Continue to Driver and Software Uninstall.

Another source: How to temporarily prevent a Windows or driver update from reinstalling in Windows 10 on Microsoft Support.

Disable Spying

If you use a Windows 10 privacy tools and disable some of the telemetry, you should know the registry entries you would be changing. Policy locations will also be provided as necessary.

Telemetry Services

Connected User Experience and Telemetry (DiagTrack)
Dmwappushsvc (dmwappushservice)

Note – You can disabled this in Settings > Privacy > Feedback & diagnostics. Basic under “Diagnostic and usage data” for home users.

Telemetry Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry

Policy – Allow Telemetry.
Location – Administrative Templates | Windows Components | Data Collection and Preview Builds – set to Enabled and Options to “0 – Off [Enterprise Only]”.

Picture Password Sign in

Policy – Turn off picture password sign in.
Location – Administrative Templates | System | Logon – set to Enabled.

PIN Sign in

Policy – Turn on PIN sign in.
Location – Administrative Templates | System | Logon – set to Enabled.
Note – Enabled provided the PIN is long enough.

Microsoft Passport

Policy – Use Microsoft Passport for Work.
Location – Administrative Templates | Windows Components | Microsoft Passport for Work – set to Disabled.
Note – Used with biometrics and PINs.

Consumer Experience Improvement Program (CEIP) Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable

Consumer Experience Improvement Program (CEIP) Scheduled Tasks

Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
Microsoft\Windows\Application Experience\ProgramDataUpdater
Microsoft\Windows\Autochk\Proxy
Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Microsoft\Windows\Customer Experience Improvement Program\Consolidator

Application Impact Telemetry (AIT) Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat\AITEnable

Policy – Turn off Application Telemetry.
Location – Administrative Templates | Windows Components | Application Compatibility – set to Enabled.

Steps Recorder Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat\DisableUAR

WiFi Sense (HotSpot Sharing) Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting\value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots\value

Apps Use Advertising ID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo\Enabled

Policy – Turn off the Advertising ID.
Location – Administrative Templates | System | User Profiles – set to Enabled.

P2P Windows Updates Outside Local Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\SystemSettingsDownloadMode

Policy – DownloadMode.
Location – Preferences | Windows Settings | Registry.
Note – Key created with Replace action. Value type of Config key is REG_DWORD and the value is 0. Check setting “Remove this item when it is no longer applied” on the Common tab. This should be checked. You can also disabled this by going to Settings > Update & security > Windows Update > Advanced options > Choose how updates are delivered. You’re looking for distributed updates.

Microsoft Accounts

Policy – Accounts: Block Microsoft Accounts.
Location – Windows Settings | Security Settings | Local Policies | Security Options – “Define this policy setting” and choose “Users can’t add or log on with Microsoft Accounts”.
Note – You can switch to a local account by going to Settings > Accounts > Sign in with a local account instead.

Web Search Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Search\DisableWebSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Search\ConnectedSearchUseWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Search\ConnectedSearchUseWebOverMeteredConnections

Cortana Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Experience\AllowCortana\value
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortana

Policy – Allow input personalization.
Location – Administrative Templates | Control Panel | Regional and Language Options – set to Disabled.
Note – Disables Cortana search, collection of speech, collection of handwriting patterns, collection of typing history, collection of contacts, and collection of calendar information. Also called “Getting to know you.” You can disabled this in the Privacy menu in Settings.
Policy – Allow Cortana.
Location – Administrative Templates | Windows Components | Search – set to Disabled.

OneDrive Service

Sync Host (OneSyncSvc)
Sync Host_Session1 (OneSyncSvc_Session1)

Note: Do not stop these services if you use Windows Mail app.

OneDrive Group Policy

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive\DisableFileSyncNGSC

Remote Registry Service

RemoteRegistry

Office 15 (2013) Telemetry Group Policy

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\15.0\osm\enablelogging
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\15.0\osm\enablefileobfuscation
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\15.0\osm\enableupload

Office 15 (2013) Telemetry Scheduled Tasks

Microsoft\Office\OfficeTelemtryAgentFallBack
Microsoft\Office\OfficeTelemetryAgentLogOn

Office 16 (2016) Telemetry Group Policy

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\osm\enablelogging
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\osm\enablefileobfuscation
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\osm\enableupload

Office 16 (2016) Telemetry Scheduled Tasks

Microsoft\Office\OfficeTelemetryAgentFallBack2016
Microsoft\Office\OfficeTelemetryAgentLogOn2016