## TBA, fix mess ### Relevant + newer repos found # https://github.com/beerisgood/Windows11_Hardening - txt guide # hotcakex guide -> https://www.reddit.com/r/cybersecurity/comments/10x986w/harden_windows_security_the_right_way_only_with/ ### ChatGPT Answer Here's the answer in **Gitea Markdown** format: ```markdown # Remove ALL Tracking from Windows 11 This guide provides commands and steps to remove all tracking from Windows 11. **Warning:** This will break some functionality, including Windows Updates, the Microsoft Store, Cortana, and other system features. Proceed with caution. --- ## 1. Disable Telemetry via Group Policy or Registry ### Group Policy Settings via PowerShell ```powershell # Disable telemetry via Group Policy reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f ``` ### Block Data Collection via Services ```powershell # Disable telemetry services sc stop DiagTrack sc delete DiagTrack sc stop diagnosticshub.standardcollector.service sc delete diagnosticshub.standardcollector.service sc stop dmwappushservice sc delete dmwappushservice ``` --- ## 2. Disable Tracking Features ### Remove Pre-installed Apps ```powershell # Remove all pre-installed apps Get-AppxPackage -AllUsers | Remove-AppxPackage Get-AppxProvisionedPackage -Online | Remove-AppxProvisionedPackage -Online ``` ### Disable Cortana ```powershell # Disable Cortana reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f ``` ### Disable Feedback Requests ```powershell # Turn off feedback requests reg add "HKCU\Software\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /t REG_QWORD /d 0 /f ``` --- ## 3. Block Microsoft Telemetry Domains ### Open HOSTS File ```powershell notepad C:\Windows\System32\drivers\etc\hosts ``` ### Add Telemetry Domains Add the following lines to the `hosts` file: ```plaintext 127.0.0.1 vortex.data.microsoft.com 127.0.0.1 settings-win.data.microsoft.com 127.0.0.1 watson.telemetry.microsoft.com 127.0.0.1 feedback.windows.com 127.0.0.1 activity.windows.com 127.0.0.1 assets.onestore.microsoft.com 127.0.0.1 c1.microsoft.com 127.0.0.1 c2.microsoft.com 127.0.0.1 c3.microsoft.com 127.0.0.1 msftncsi.com 127.0.0.1 officeclient.microsoft.com 127.0.0.1 www.msftconnecttest.com ``` Save the file and reboot. --- ## 4. Disable Tracking Using PowerShell ### Disable Windows Defender (Tracking) ```powershell # Disable Windows Defender Set-MpPreference -DisableRealtimeMonitoring $true ``` ### Disable Data Sharing Features ```powershell # Disable OneDrive reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /v "DisableFileSyncNGSC" /t REG_DWORD /d 1 /f # Disable Activity History reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "PublishUserActivities" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "UploadUserActivities" /t REG_DWORD /d 0 /f ``` --- ## 5. Disable Windows Update (Tracking) Completely disable Windows Updates to stop telemetry-related data collection. ```powershell # Disable Windows Update Service sc config wuauserv start= disabled sc stop wuauserv ``` --- ## 6. Disable Telemetry via Firewall ### Block Telemetry Domains ```powershell netsh advfirewall firewall add rule name="BlockTelemetry" dir=out action=block remoteip=13.107.4.50,23.216.10.10,204.79.197.200 ``` --- ## 7. Use Advanced Privacy Tools 1. Download and run **[O&O ShutUp10++](https://www.oo-software.com/en/shutup10)**. - Apply all "Recommended" and "Recommended and somewhat recommended" settings. 2. Install **[WPD](https://wpd.app/)** for additional telemetry blocking. --- ## 8. Disable Online Features ```powershell # Disable online search in Start Menu reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d 0 /f ``` --- ## 9. Use a Debloated ISO For a fully stripped-down version of Windows 11, consider: - Installing a debloated custom ISO like **[AtlasOS](https://atlasos.net/)**. - Creating your own using **NTLite**. --- Would you like a pre-made script to automate these steps? Let me know! ``` ## GPT Sciprt: # Set-ExecutionPolicy Bypass -Scope Process -Force .\RemoveTracking.ps1 ``` # Disable Telemetry Services Write-Host "Disabling telemetry services..." -ForegroundColor Green sc.exe stop DiagTrack sc.exe delete DiagTrack sc.exe stop diagnosticshub.standardcollector.service sc.exe delete diagnosticshub.standardcollector.service sc.exe stop dmwappushservice sc.exe delete dmwappushservice # Disable Telemetry via Registry Write-Host "Disabling telemetry via registry..." -ForegroundColor Green reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d 0 /f # Remove Pre-installed Apps Write-Host "Removing pre-installed apps..." -ForegroundColor Green Get-AppxPackage -AllUsers | Remove-AppxPackage -ErrorAction SilentlyContinue Get-AppxProvisionedPackage -Online | Remove-AppxProvisionedPackage -Online -ErrorAction SilentlyContinue # Disable Cortana Write-Host "Disabling Cortana..." -ForegroundColor Green reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d 0 /f # Disable Feedback Requests Write-Host "Disabling feedback requests..." -ForegroundColor Green reg add "HKCU\Software\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t REG_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /t REG_QWORD /d 0 /f # Block Microsoft Telemetry Domains via Hosts File Write-Host "Blocking telemetry domains..." -ForegroundColor Green $hostsPath = "C:\Windows\System32\drivers\etc\hosts" $domains = @" 127.0.0.1 vortex.data.microsoft.com 127.0.0.1 settings-win.data.microsoft.com 127.0.0.1 watson.telemetry.microsoft.com 127.0.0.1 feedback.windows.com 127.0.0.1 activity.windows.com 127.0.0.1 assets.onestore.microsoft.com 127.0.0.1 c1.microsoft.com 127.0.0.1 c2.microsoft.com 127.0.0.1 c3.microsoft.com 127.0.0.1 msftncsi.com 127.0.0.1 officeclient.microsoft.com 127.0.0.1 www.msftconnecttest.com "@ Add-Content -Path $hostsPath -Value $domains # Disable Defender Realtime Monitoring Write-Host "Disabling Windows Defender real-time monitoring..." -ForegroundColor Green Set-MpPreference -DisableRealtimeMonitoring $true # Disable Activity History Write-Host "Disabling activity history..." -ForegroundColor Green reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableActivityFeed" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "PublishUserActivities" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "UploadUserActivities" /t REG_DWORD /d 0 /f # Disable Windows Update Service Write-Host "Disabling Windows Update service..." -ForegroundColor Green sc.exe config wuauserv start= disabled sc.exe stop wuauserv # Block Telemetry Domains via Firewall Write-Host "Blocking telemetry domains via firewall..." -ForegroundColor Green netsh advfirewall firewall add rule name="BlockTelemetry" dir=out action=block remoteip=13.107.4.50,23.216.10.10,204.79.197.200 # Disable Online Features Write-Host "Disabling online features..." -ForegroundColor Green reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d 0 /f Write-Host "All tracking has been disabled. Reboot your system for changes to take effect." -ForegroundColor Green ``` ### Old privacy hardening notes below # Disable all networking except for programs you need it for. # Alternatively try these and use a good firewall, don't allow unwanted sites. # Uninstall tracking updates: wusa /uninstall /kb:3083710 /quiet /norestart wusa /uninstall /kb:3083711 /quiet /norestart wusa /uninstall /kb:3065988 /quiet /norestart wusa /uninstall /kb:3083325 /quiet /norestart wusa /uninstall /kb:3083324 /quiet /norestart wusa /uninstall /kb:2976978 /quiet /norestart wusa /uninstall /kb:3075853 /quiet /norestart wusa /uninstall /kb:3065987 /quiet /norestart wusa /uninstall /kb:3050265 /quiet /norestart wusa /uninstall /kb:3050267 /quiet /norestart wusa /uninstall /kb:3075851 /quiet /norestart wusa /uninstall /kb:2902907 /quiet /norestart wusa /uninstall /kb:3068708 /quiet /norestart wusa /uninstall /kb:3022345 /quiet /norestart wusa /uninstall /kb:2952664 /quiet /norestart wusa /uninstall /kb:2990214 /quiet /norestart wusa /uninstall /kb:3035583 /quiet /norestart wusa /uninstall /kb:3021917 /quiet /norestart wusa /uninstall /kb:3044374 /quiet /norestart wusa /uninstall /kb:3046480 /quiet /norestart wusa /uninstall /kb:3075249 /quiet /norestart wusa /uninstall /kb:3080149 /quiet /norestart # Stop tracking Services: sc stop DiagTrack sc stop dmwappushservice sc delete DiagTrack sc delete dmwappushservice # Or Windows behind a firewall and block Microsoft...