Jump to content

[Guide] Disable Data Collection in Windows 10


ptd163

Recommended Posts

First, credit where is credit is due. I originally found this posted in /r/Windows10 by /u/C-Ron. I'm reposting this here for the people that don't browse Reddit so they can benefit from it.
 
Link to reddit post that contains original guide text (as recommended by Tripredacus)
 
First Time Setup

Spoiler
  • Do not use Express Settings. Hit Customize, and make sure everything is turned off.
  • It's strongly recommended that you use a local account with Windows 10.


Settings App

Spoiler
  • Head to Start > Settings > Privacy, and disable everything, unless there are some things you really need.
  • While within the Privacy page, go to Feedback, select Never in the first box, and Basic in the second box.
  • Head to Settings > Update and Security > Advanced Options > Choose how updates are delivered, and turn the first switch off.
  • Disable Cortana by clicking the Search bar/icon.
  • (Optional) Disable web search in Search by going to Settings, and turning off Search online and include web results.
  • Change the name of your PC by going to Start (or hitting the Windows key), typing About PC, and clicking Rename PC.

 
Scheduled Tasks

Spoiler

Open up the Command Prompt by launching cmd as an administrator, and enter the following:


sc delete DiagTracksc 
sc delete dmwappushserviceecho 
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
echo y|cacls  C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl  /d SYSTEM

Here's a list of tasks to delete courtesy of Technie007. You need to go into Task Scheduler to delete them.


Microsoft -> Windows -> Application Experience -> Microsoft Compatibility Appraiser
Microsoft -> Windows -> Application Experience -> ProgramDataUpdater
Microsoft -> Windows -> Autochk -> Proxy
Microsoft -> Windows -> Customer Experience Improvement Program -> Consolidator
Microsoft -> Windows -> Customer Experience Improvement Program -> KernelCeipTask
Microsoft -> Windows -> Customer Experience Improvement Program -> UsbCeip
Microsoft -> Windows -> DiskDiagnostic -> Microsoft-Windows-DiskDiagnosticDataCollector
Microsoft -> Windows -> PI -> Sqm-Tasks
Microsoft -> Windows -> Power Efficiency Diagnostics -> AnalyzeSystem
Microsoft -> Windows -> Windows Error Reporting -> QueueReporting

Or use this command script to do everything automatically. You will have to accept a UAC prompt if you have it turned on because it auto elevates itself.

 
Group Policy Editor

Spoiler

How to get the Group Policy Editor on Home version: https://www.itechtics.com/enable-gpedit-windows-10-home/

Open up the Group Policy Editor by launching gpedit.msc as an administrator and make the following changes:

  • Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. Double click Telemetry, hit Enabled, set the value to 0 and click apply. It's counter-intuitive, I know, but that is actual way to do it. Proof

NOTE: This only works in the Enterprise edition, but the final step provides a decent enough workaround for Pro users.

  • Computer Configuration > Administrative Templates > Windows Components > OneDrive, double click Prevent the usage of OneDrive for file storage, hit Enabled, then apply.
  • Computer Configuration > Administrative Templates > Windows Components > Windows Defender, double click Turn Off Windows Defender, hit Enabled, then apply.

 
Registry Editor

Spoiler

NOTE: Taking ownership of the keys may be required. This tool will allow you to do that.

Value Changes
Open up the Registry Editor by launching regedit as an administrator. Go through and make the following changes:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection, select AllowTelemetry, change its value to 0, then apply.

If any of the referenced keys don't exist then create them with the above values.
 
Deletions
Open up the Registry Editor by launching regedit as an administrator. Go through and delete the following keys and/or values:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger


Hosts File

Spoiler

First, download the Take Ownership tweak and enable it. Then, head to the Hosts File by going through C:\Windows\System32\Drivers\Etc, take ownership of the hosts file, and add the following IPs into it:
 

NOTE: If you add these domains manually and then use DWS_Lite you will end up with duplicate domains. Use HostMan to remove the duplicates.

 

Spoiler

0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.rad.msn.com
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
0.0.0.0 c.msn.com
0.0.0.0 cdn.atdmt.com
0.0.0.0 cds26.ams9.msecn.net
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 cdnjs.cloudflare.com.cdn.cloudflare.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 cdp1.public-trust.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 db3aqu.atdmt.com
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 e2835.dspb.akamaiedge.net
0.0.0.0 e8218.ce.akamaiedge.net
0.0.0.0 e7341.g.akamaiedge.net
0.0.0.0 e7502.ce.akamaiedge.net
0.0.0.0 ec.atdmt.com
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 fe2.ws.microsoft.com.nsatc.net
0.0.0.0 flex.msn.com
0.0.0.0 g.msn.com
0.0.0.0 h1.msn.com
0.0.0.0 hostedocsp.globalsign.com
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 li581-132.members.linode.com
0.0.0.0 lb1.www.ms.akadns.net
0.0.0.0 live.rads.msn.com
0.0.0.0 m.adnxs.com
0.0.0.0 m.hotmail.com
0.0.0.0 msedge.net
0.0.0.0 msftncsi.com
0.0.0.0 msnbot-65-55-108-23.search.msn.com
0.0.0.0 msntest.serving-sys.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 pre.footprintpredict.com
0.0.0.0 preview.msn.com
0.0.0.0 pricelist.skype.com
0.0.0.0 rad.live.com
0.0.0.0 rad.msn.com
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 s.gateway.messenger.live.com
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 schemas.microsoft.akadns.net
0.0.0.0 secure.adnxs.com
0.0.0.0 secure.flashtalking.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 sO.2mdn.net
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 static.2mdn.net
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 ui.skype.com
0.0.0.0 view.atdmt.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 www.go.microsoft.akadns.net
0.0.0.0 www.msftncsi.com
0.0.0.0 65.39.117.230
0.0.0.0 134.170.30.202
0.0.0.0 137.116.81.24


Or continue to the pastebin link. Doesn't matter to me. And if you want, click here for a hosts file that is complete and total overkill. From what I can tell, it's a list of every Microsoft domain known to man merged with the MVPS domain list.

 
Useful Software/Scripts/Forum Threads

Spoiler

Destroy Windows 10 Spying

FOSS created by @Nummer hosted on Github. It's quite effective at cutting out unnecessary data collection and metro crapware.

http://dws.wzor.net

 

Windows Update MiniTool

An alternative way to update Windows created by stupid user from Ru-Board. It can configure your automatic update settings, has an offline mode, and other features. You will never have to use the Settings version of Windows Updates if you use this.

http://forums.mydigitallife.info/threads/64939-Windows-Update-MiniTool (English Re-host. Requires registration.)

http://forum.ru-board.com/topic.cgi?forum=5&topic=48142#2 (stupid uer's original thread.)

 

TinyWall

A free, lightweight, easy-to-use front end for the Windows Firewall. It requires no configuration as it blocks all outgoing connections unless explicitly whitelist it by default. However, you may want to set it to always run as admin to prevent a privilege arms race.

http://tinywall.pados.hu

 

Windows Firewall Configuration - Truly Block EVERYTHING...

If you still want to use a deny-by-default approach with Windows Firewall, but don't want to use TinyWall you can follow a guide posted by CODYQX4 on the My Digital Life Forums. It uses Windows Firewall Control, another front end for Windows Firewall.

http://forums.mydigitallife.info/threads/64640-Windows-Firewall-Configuration-Truly-Block-EVERYTHING

 

HostsMan

A simple, free hosts file manager with a built-in editor and updater (no need for notepad). It can subscribe to several hosts file lists simultaneously that are automatically updated when a new version is released. It can also scan the hosts file for errors, duplicates and possible hijacks.

http://www.abelhadigital.com/hostsman

 

OneDrive Uninstaller

Run this script to completely uninstall OneDrive from your machine. Link.

 
Also please remember this is not an exhaustive list so feel free to post things that can improve this post an I'll add it to this post and credit you.

Lastly, to paraphrase NoelC: try things for yourself. Keep good notes on what you do, on what works, and save original files. The knowledge gained from the experience of seeing how things work is invaluable.

7/29/15: Changed IPs to 0.0.0.0 as recommended by NoelC.
7/31/15: Expanded telemetry list and added overkill, nuke-from-orbit list.
7/31/15: Reformatted the OP, reflected as many IPs as possible into hostnames, added Techie007's post to the relevant sections, and added gpedit.msc fix for Home users.
8/3/15:  Added tomasz86's OneDrive uinstaller and automated services & scheduled tasks command script.
8/5/15:  Added useful software/scripts section.
1/9/16:  Renamed useful software/scripts to useful software/scripts/forum threads and added stuff to it.
6/26/16: Reformatted to be readable with the new forum software.

Edited by ptd163
Link to comment
Share on other sites


Nice!

 

Suggest using 0.0.0.0 instead of 127.0.0.1 on each entry in the hosts file you want to abort.

 

I wonder what some of those settings will do in terms of allowing Insiders to remain active...

 

-Noel

Link to comment
Share on other sites

Suggest using 0.0.0.0 instead of 127.0.0.1 on each entry in the hosts file you want to abort.

 

Huh. That's what Unchecky uses as well. What's the difference between 0.0.0.0 and 127.0.0.1?

Link to comment
Share on other sites

Suggest using 0.0.0.0 instead of 127.0.0.1 on each entry in the hosts file you want to abort.

 

Huh. That's what Unchecky uses as well. What's the difference between 0.0.0.0 and 127.0.0.1?

A webserver (IIS/Apache) may be running on the computer, for one. AKA "home" is a valid address.

Link to comment
Share on other sites

Good list so far.  Here are some more items to add to it:

 

Delete the following Scheduled Tasks:

 

Microsoft -> Windows -> Application Experience -> Microsoft Compatibility Appraiser

Microsoft -> Windows -> Application Experience -> ProgramDataUpdater

Microsoft -> Windows -> Autochk -> Proxy

Microsoft -> Windows -> Customer Experience Improvement Program -> Consolidator

Microsoft -> Windows -> Customer Experience Improvement Program -> KernelCeipTask

Microsoft -> Windows -> Customer Experience Improvement Program -> UsbCeip

Microsoft -> Windows -> DiskDiagnostic -> Microsoft-Windows-DiskDiagnosticDataCollector

Microsoft -> Windows -> PI -> Sqm-Tasks

Microsoft -> Windows -> Power Efficiency Diagnostics -> AnalyzeSystem

Microsoft -> Windows -> Windows Error Reporting -> QueueReporting

 

 

And delete the following Registry keys:

 

HKLM -> SYSTEM -> CurrentControlSet -> Control -> WMI -> AutoLogger -> AutoLogger-Diagtrack-Listener

HKLM -> SYSTEM -> CurrentControlSet -> Control -> WMI -> AutoLogger -> SQMLogger

 

 

There's a lot more lurking in the registry, but the above is all I am sure about at the moment.

Link to comment
Share on other sites

Interesting to see the expansion of the hosts list, including some nameless IP addresses in there now.  I'd have loved to see some comments on those entries describing where they go, though I am using the list now to see what - if anything - doesn't work.

 

So far, it seems to be able to check Windows Update for updates, and I seem to be able to access OneDrive via a web browser (I wouldn't want that any other way).

 

I'm actually expecting an improved experience as a result of these changes.

 

-Noel

Link to comment
Share on other sites

Good list so far.  Here are some more items to add to it:

 

Delete the following Scheduled Tasks:

 

Microsoft -> Windows -> Application Experience -> Microsoft Compatibility Appraiser

Microsoft -> Windows -> Application Experience -> ProgramDataUpdater

Microsoft -> Windows -> Autochk -> Proxy

Microsoft -> Windows -> Customer Experience Improvement Program -> Consolidator

Microsoft -> Windows -> Customer Experience Improvement Program -> KernelCeipTask

Microsoft -> Windows -> Customer Experience Improvement Program -> UsbCeip

Microsoft -> Windows -> DiskDiagnostic -> Microsoft-Windows-DiskDiagnosticDataCollector

Microsoft -> Windows -> PI -> Sqm-Tasks

Microsoft -> Windows -> Power Efficiency Diagnostics -> AnalyzeSystem

Microsoft -> Windows -> Windows Error Reporting -> QueueReporting

 

 

And delete the following Registry keys:

 

HKLM -> SYSTEM -> CurrentControlSet -> Control -> WMI -> AutoLogger -> AutoLogger-Diagtrack-Listener

HKLM -> SYSTEM -> CurrentControlSet -> Control -> WMI -> AutoLogger -> SQMLogger

 

 

There's a lot more lurking in the registry, but the above is all I am sure about at the moment.

 

It'll be interesting to see if these get added back without the user's knowledge or input, the way that certain Windows Updates reappear even after you hide them.

 

--JorgeA

Link to comment
Share on other sites

Interesting to see the expansion of the hosts list, including some nameless IP addresses in there now.  I'd have loved to see some comments on those entries describing where they go

 

I reflected as many IPs into hostnames as possible with nslookup. A server failure, A non-existent host, and a timeout are why the 3 remain. If there were any comments about the nameless IPs it wasn't in the Reddit thread this post started from.

Edited by ptd163
Link to comment
Share on other sites

I'd be more interested in what parts of Windows accessed those locations, actually.

 

And yes, I would expect ALL of these tweaks to be undone with anything more than the most minimal Windows Update.  Microsoft thinks they have everyone conditioned to accept that kind of crap now.

 

The tweakers of the future will have to be re-tweakers - programs that run at startup and make sure things stay as the user wants them.  Not a big deal, really, but more of a pain than the "set it and forget it" stance we're used to.

 

Nice job on the reformatting of the OP by the way.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

FWIW,
 
I'm not saying at all that those three nameless IP's should be removed from your list, but for me:
 
65.39.117.230 -- Webpage not available -- took too long to respond
134.170.30.202 -- went to http://www.microsoft.com/en-us/windows/apps-and-games
137.116.81.24 -- brought up a page that just had "Ok" on it, whatever that means. :)

 

Cheers and Regards

Edited by bphlpt
Link to comment
Share on other sites

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]

"AllowTelemetry"=dword:00000000

 

apparently thats the key enterprise sets when you disable telemetry in group policy. the key appears to work on home and pro since it does disable, greys out, the data and usage box. it will also set what ever telemetry setting you have to the lowest one, basic, which it too does on enterprise.

 

it just needs more testing to make sure. 

Edited by fafreeman
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...