Settings to enable on a new operating system install.

This, then go through all settings (in Windows) and disable most phone home stuff. I used to use O&O ShutUp10 but I don't bother with it anymore.

Next, I disable Sleep, change the Power settings and set a theme I like.

 

Same here.

I also disable Reserved Storage.
In Region I set my preferred date and time.
In Windows Explorer I set View to Details.
The 6 System Folders are moved to the D:\ drive so my data files will not be in the OS partition.
Change partition drive letters if desired. Make the optical drive X:\

 

Next to what was mentioned above I also do:

On each partition I disable option Allow files on this drive to have content indexed...
I disable Search service.
I manually set size of pagefile.
I manually set IP addresses on my network connection properties.

 

If we don't consider all the security/privacy settings to be changed, I delete every icon from the desktop, including the recycle bin icon.

 

You can do that by right clicking the desktop and de-selecting View > Show desktop icons.

 

I do that also. I just like clean wallpaper without icons on my desktop. Since I use Launchy to run apps, I don't need icon on desktop.

 

I think that the physical deletion of the icons makes the pc, with the other interventions I do, faster.

But I'm curious to know if with your method you can easily delete the files in the recycle bin.

 

I don't hide the icons anymore but as the Recycle Bin icon is just a shortcut I can't see why emptying the Bin would be any different.

FYI, instead of having rows of icons I now just move them to along the top, right and bottom of desktop.

 

I use Privacy Eraser and / or PrivaZer to empty the Recycle Bin.

 

Everyone has their own favorite methods.
Hello good day.
in Italy it is 08:45 a.m. the outside temperature is 12.3°C and I am waiting for it to rise a bit so that I can go to the park for a 8 km walk.
I worked yesterday and today I am free.

 

I uncheck Hide extensions for known file types.
I turn off Show suggestions occasionally in Start. This is only an option in Windows 10, not Windows 11.
I ensure that System Restore is enabled.

On low-end systems, I set Visual Effects to Adjust for best performance, and then re-enable Show window contents while dragging and Smooth edges of screen fonts.

That's pretty much it. I keep hidden folders hidden and usually don't disable hibernation.

 

Thanks for the reminder. I disable System Restore.

 

This is all the tweaks u will ever need:
https://github.com/TairikuOokami/Windows

plus some of mine

Spoiler

rem https://www.windowscentral.com/how-prevent-windows-10-requiring-password-when-resuming-sleep
powercfg /SETACVALUEINDEX SCHEME_CURRENT SUB_NONE CONSOLELOCK 0

rem https://winaero.com/blog/set-do-thi...heckbox-by-default-in-windows-10-copy-dialog/
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\OperationStatusManager" /v "ConfirmationCheckBoxDoForAll" /t "REG_DWORD" /d "1" /f

rem https://winaero.com/blog/set-default-action-shutdown-dialog-windows-10/
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_PowerButtonAction" /t "REG_DWORD" /d "4" /f

DISM.exe /Online /Set-ReservedStorageState /Stateisabled

rem Delete files
taskkill /im explorer.exe /f
takeown /f "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" /a
icacls "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" /grant:r Administrators:F /c
del "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" /s /f /q

takeown /f "C:\Program Files\Windows Defender\MpCmdRun.exe" /a
icacls "C:\Program Files\Windows Defender\MpCmdRun.exe" /grant:r Administrators:F /c
takeown /f "C:\Windows\System32\MRT.exe" /a
icacls "C:\Windows\System32\MRT.exe" /grant:r Administrators:F /c
takeown /f "C:\Windows\System32\mobsync.exe" /a
icacls "C:\Windows\System32\mobsync.exe" /grant:r Administrators:F /c
takeown /f "C:\Windows\System32\wermgr.exe" /a
icacls "C:\Windows\System32\wermgr.exe" /grant:r Administrators:F /c
takeown /f "C:\Windows\System32\WerFault.exe" /a
icacls "C:\Windows\System32\WerFault.exe" /grant:r Administrators:F /c
takeown /f "C:\Windows\SysWOW64\WerFault.exe" /a
icacls "C:\Windows\SysWOW64\WerFault.exe" /grant:r Administrators:F /c
takeown /f "C:\Windows\System32\CompatTelRunner.exe" /a
icacls "C:\Windows\System32\CompatTelRunner.exe" /grant:r Administrators:F /c

taskkill /im MpCmdRun.exe /f
taskkill /im MRT.exe /f
taskkill /im mobsync.exe /f
taskkill /im wermgr.exe /f
taskkill /im WerFault.exe /f
taskkill /im CompatTelRunner.exe /f

del "C:\Program Files\Windows Defender\MpCmdRun.exe" /s /f /q
del "C:\Windows\System32\MRT.exe" /s /f /q
del "C:\Windows\System32\mobsync.exe" /s /f /q
del "C:\Windows\System32\wermgr.exe" /s /f /q
del "C:\Windows\System32\WerFault.exe" /s /f /q
del "C:\Windows\SysWOW64\WerFault.exe" /s /f /q
del "C:\Windows\System32\CompatTelRunner.exe" /s /f /q

takeown /f "%WinDir%\System32\GameBarPresenceWriter.exe" /a
icacls "%WinDir%\System32\GameBarPresenceWriter.exe" /grant:r Administrators:F /c
taskkill /im GameBarPresenceWriter.exe /f
del "%WinDir%\System32\GameBarPresenceWriter.exe" /s /f /q

rem https://www.technorms.com/41496/enable-balloon-toasts-notifications-in-windows-10
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "EnableLegacyBalloonNotifications" /t "REG_DWORD" /d "1" /f

rem https://docs.microsoft.com/en-us/pr...ows-server-2012-R2-and-2012/dn408187(v=ws.11)
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "RunAsPPL" /t "REG_DWORD" /d "1" /f

rem Unassociate dangerous file extensions
assoc .A3X=
assoc .ACTION=
assoc .ADE=
assoc .ADP=
assoc .APK=
assoc .APP=
assoc .BAS=
assoc .BIN=
assoc .CHM=
assoc .COM=
assoc .COMMAND=
assoc .CSC=
assoc .CSH=
assoc .DP=
assoc .GADGET=
assoc .HLP=
assoc .HTA=
assoc .INS=
assoc .INX=
assoc .IPA=
assoc .ISU=
assoc .ISP=
assoc .JAR=
assoc .JOB=
assoc .JS=
assoc .JSE=
assoc .KSH=
assoc .MDB=
assoc .MDE=
assoc .MST=
assoc .OCX=
assoc .OTF=
assoc .OUT=
assoc .PAF=
assoc .PCD=
assoc .PIF=
assoc .PRG=
assoc .PS1=
assoc .PS1XML=
assoc .PSC1=
assoc .PS2=
assoc .PS2XML=
assoc .PSC2=
assoc .REG=
assoc .RGS=
assoc .RTF=
assoc .RUN=
assoc .SCR=
assoc .SCT=
assoc .SHB=
assoc .SHS=
assoc .SO=
assoc .TLB=
assoc .U3P=
assoc .URL=
assoc .VB=
assoc .VBA=
assoc .VBC=
assoc .VBE=
assoc .VBS=
assoc .VBSCRIPT=
assoc .WS=
assoc .WSC=
assoc .WSF=
assoc .WSH=
assoc .XPI=

rem Services
rem sc config StateRepository start= demand | required for opening Settings menu
sc config Wecsvc start= disabled
sc config ndu start= disabled
sc config beep start= disabled
sc config DevQueryBroker start= disabled
sc config embeddedmode start= disabled
reg add "HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode" /v "Start" /t "REG_DWORD" /d "4" /f
rem sc config TimeBrokerSvc start= demand | same description as System Events Broker?
sc config DmEnrollmentSvc start= disabled
sc config WEPHOSTSVC start= disabled
reg add "HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc" /v "Start" /t "REG_DWORD" /d "4" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc_4a9a2" /v "Start" /t "REG_DWORD" /d "4" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc" /v "Start" /t "REG_DWORD" /d "4" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc_4a9a2" /v "Start" /t "REG_DWORD" /d "4" /f
sc delete DiagTrack
sc delete dmwappushservice
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc" /v "Start" /t "REG_DWORD" /d "4" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc" /v "Start" /t "REG_DWORD" /d "4" /f
sc config workfolderssvc start= disabled
sc config WiaRpc start= disabled
sc config AxInstSV start= disabled
sc config AJRouter start= disabled
sc config AppReadiness start= disabled
sc config AppIDSvc start= disabled
reg add "HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc" /v "Start" /t "REG_DWORD" /d "4" /f
sc config ALG start= disabled
sc config AppXSvc start= disabled
reg add "HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc" /v "Start" /t "REG_DWORD" /d "4" /f
sc config AssignedAccessManagerSvc start= disabled
sc config tzautoupdate start= disabled
sc config BthAvctpSvc start= disabled
sc config BDESVC start= disabled
sc config wbengine start= disabled
sc config BTAGService start= disabled
sc config bthserv start= disabled
reg add "HKLM\System\CurrentControlSet\Services\BluetoothUserService" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\BluetoothUserService_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config PeerDistSvc start= disabled
sc config camsvc start= disabled
reg add "HKLM\System\CurrentControlSet\Services\CaptureService" /v "Start" /t REG_DWORD /d "3" /f rem required for Snipping Tool
reg add "HKLM\System\CurrentControlSet\Services\CaptureService_4f8bc" /v "Start" /t REG_DWORD /d "3" /f
sc config CertPropSvc start= disabled
sc config ClipSVC start= disabled
reg add "HKLM\System\CurrentControlSet\Services\ClipSVC" /v "Start" /t REG_DWORD /d "4" /f
sc config CDPSvc start= disabled
reg add "HKLM\System\CurrentControlSet\Services\CDPUserSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\CDPUserSvc_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config DsSvc start= disabled
sc config DusmSvc start= disabled
sc config DeveloperToolsService start= disabled
sc config diagsvc start= disabled
sc config DPS start= disabled
sc config WdiServiceHost start= disabled
sc config WdiSystemHost start= disabled
sc config TrkWks start= disabled
sc config MSDTC start= disabled
sc config MapsBroker start= disabled
sc config EFS start= disabled
sc config EntAppSvc start= disabled
reg add "HKLM\System\CurrentControlSet\Services\EntAppSvc" /v "Start" /t REG_DWORD /d "4" /f
sc config fhsvc start= disabled
sc config fdPHost start= disabled
sc config FDResPub start= disabled
reg add "HKLM\System\CurrentControlSet\Services\BcastDVRUserService" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\BcastDVRUserService_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config lfsvc start= disabled
sc config HvHost start= disabled
sc config vmickvpexchange start= disabled
sc config vmicguestinterface start= disabled
sc config vmicshutdown start= disabled
sc config vmicheartbeat start= disabled
sc config vmicvmsession start= disabled
sc config vmicrdv start= disabled
sc config vmictimesync start= disabled
sc config vmicvss start= disabled
sc config IKEEXT start= disabled
sc config irmon start= disabled
sc config SharedAccess start= disabled
sc config iphlpsvc start= disabled
sc config PolicyAgent start= disabled
sc config KtmRm start= disabled
sc config lltdsvc start= disabled
sc config wlpasvc start= disabled
reg add "HKLM\System\CurrentControlSet\Services\MessagingService" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\MessagingService_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config diagnosticshub.standardcollector.service start= disabled
sc config wlidsvc start= disabled
sc config AppVClient start= disabled
sc config MSiSCSI start= disabled
sc config smphost start= disabled
sc config InstallService start= disabled
sc config SmsRouter start= disabled
sc config NaturalAuthentication start= disabled
sc config NetTcpPortSharing start= disabled
sc config Netlogon start= disabled
sc config NcdAutoSetup start= disabled
sc config NcbService start= disabled
sc config NcaSvc start= disabled
sc config NvTelemetryContainer start= disabled
sc config CscService start= disabled
sc config ssh-agent start= disabled
sc config sshd start= disabled
sc config WpcMonSvc start= disabled
sc config SEMgrSvc start= disabled
sc config PNRPsvc start= disabled
sc config p2psvc start= disabled
sc config p2pimsvc start= disabled
sc config PerfHost start= disabled
sc config PhoneSvc start= disabled
sc config PNRPAutoReg start= disabled
sc config WPDBusEnum start= disabled
sc config Spooler start= disabled
sc config PrintNotify start= disabled
reg add "HKLM\System\CurrentControlSet\Services\PrintWorkflowUserSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\PrintWorkflowUserSvc_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config wercplsupport start= disabled
sc config PcaSvc start= disabled
sc config PSEXESVC start= disabled
sc config QWAVE start= disabled
sc config RmSvc start= disabled
sc config RasAuto start= disabled
sc config RasMan start= disabled
sc config SessionEnv start= disabled
sc config TermService start= disabled
sc config UmRdpService start= disabled
sc config RpcLocator start= disabled
sc config RemoteRegistry start= disabled
sc config RetailDemo start= disabled
sc config RemoteAccess start= disabled
sc config seclogon start= disabled
sc config SstpSvc start= disabled
sc config LanmanServer start= disabled
sc config shpamsvc start= disabled
sc config ShellHWDetection start= disabled
sc config SCardSvr start= disabled
sc config ScDeviceEnum start= disabled
sc config SCPolicySvc start= disabled
sc config SNMPTRAP start= disabled
sc config SharedRealitySvc start= disabled
sc config SQLWriter start= disabled
sc config SSDPSRV start= disabled
sc config SshBroker start= disabled
sc config SshProxy start= disabled
sc config SshdBroker start= disabled
sc config StorSvc start= demand
sc config TieringEngineService start= disabled
reg add "HKLM\System\CurrentControlSet\Services\OneSyncSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\OneSyncSvc_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config lmhosts start= disabled
sc config TapiSrv start= disabled
sc config TabletInputService start= disabled
sc config upnphost start= disabled
reg add "HKLM\System\CurrentControlSet\Services\UserDataSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\UserDataSvc_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\UnistoreSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\UnistoreSvc_4f8bc" /v "Start" /t REG_DWORD /d "4" /f
sc config UevAgentService start= disabled
sc config WalletService start= disabled
sc config TokenBroker start= disabled
sc config WebManagement start= disabled
sc config WebClient start= disabled
sc config WFDSConMgrSvc start= disabled
sc config SDRSVC start= disabled
sc config WbioSrvc start= disabled
sc config FrameServer start= disabled
sc config wcncsvc start= disabled
sc config Sense start= disabled
reg add "HKLM\System\CurrentControlSet\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f
sc config WdNisSvc start= disabled
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
sc config WinDefend start= disabled
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
sc config WerSvc start= disabled
sc config stisvc start= disabled
sc config wisvc start= disabled
sc config LicenseManager start= disabled
sc config icssvc start= disabled
sc config spectrum start= disabled
sc config IpOverUsbSvc start= disabled
sc config PushToInstall start= disabled
sc config WinRM start= disabled
sc config WSearch start= disabled
reg add "HKLM\System\CurrentControlSet\Services\WinHttpAutoProxySvc" /v "Start" /t REG_DWORD /d "4" /f
sc config WlanSvc start= disabled
sc config LanmanWorkstation start= disabled
sc config WwanSvc start= disabled
sc config XboxGipSvc start= disabled
sc config xbgm start= disabled
sc config XblAuthManager start= disabled
sc config XblGameSave start= disabled
sc config XboxNetApiSvc start= disabled
sc config autotimesvc start= disabled
reg add "HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_76aae" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\BcastDVRUserService_76aae" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\PrintWorkflowUserSvc_76aae" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\OneSyncSvc_76aae" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\UserDataSvc_76aae" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\UnistoreSvc_76aae" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\MessagingService_76aae" /v "Start" /t REG_DWORD /d "4" /f





rem Powershell Machine Execution Policy Restricted
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell" /v "EnableScripts" /t "REG_DWORD" /d "0" /f

rem https://techcommunity.microsoft.com...riant-2-with-Retpoline-on-Windows/ba-p/295618
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x408
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x400

rem 16-bit components
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "VDMDisallowed" /t "REG_DWORD" /d "1" /f

rem Turn on Driver Signing / Integrity Check
bcdedit.exe -set loadoptions DENABLE_INTEGRITY_CHECKS &bcdedit.exe -set TESTSIGNING OFF

rem https://support.microsoft.com/en-us...exception-handling-overwrite-protection-sehop
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t "REG_DWORD" /d "0" /f

rem https://docs.microsoft.com/en-us/wi...-dlls-in-windows-7-and-windows-server-2008-r2
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v "LoadAppInit_DLLs" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v "RequireSignedAppInit_DLLs" /t "REG_DWORD" /d "1" /f

rem https://www.technipages.com/enable-disable-wfp
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "SFCDisable" /t "REG_DWORD" /d "0" /f

:: Privacy - Disable Microsoft Help feedback.
reg add "HKCU\Software\Policies\Microsoft\Assistance\Client\1.0" /v "NoExplicitFeedback" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Assistance\Client\1.0" /v "NoImplicitFeedback" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Assistance\Client\1.0" /v "NoOnlineAssist" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0" /v "NoActiveHelp" /t "REG_DWORD" /d "1" /f

:: Privacy - Disable and configurate Input Personalization and reporting.
reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t "REG_DWORD" /d "1" /f

:: Privacy - Disable Windows Messenger CEIP.
reg add "HKCU\Software\Policies\Microsoft\Messenger\Client" /v "CEIP" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client" /v "CEIP" /t REG_DWORD /d 2 /f

:: General (optional) - Disable Windows Messenger.
reg add "HKCU\Software\Policies\Microsoft\Messenger\Client" /v "PreventRun" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client" /v "PreventRun" /t "REG_DWORD" /d "1" /f

:: General - Prevent Windows Messenger from running at startup.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client" /v "PreventAutoRun" /t "REG_DWORD" /d "1" /f

:: Privacy - Disable and configure Windows Spotlight for privacy.
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "ConfigureWindowsSpotlight" /t REG_DWORD /d 2 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableTailoredExperiencesWithDiagnosticData" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableThirdPartySuggestions" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightOnActionCenter" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightWindowsWelcomeExperience" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CloudContent" /v "IncludeEnterpriseSpotlight" /t "REG_DWORD" /d "0" /f


:: Privacy/Security - Disable the password reveal button.
reg add "HKCU\Software\Policies\Microsoft\Windows\CredUI" /v "DisablePasswordReveal" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main" /v "DisablePasswordReveal" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CredUI" /v "DisablePasswordReveal" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable telemetry (or set to Basic in non-enterprise versions).
reg add "HKCU\Software\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "LimitEnhancedDiagnosticDataWindowsAnalytics" /t "REG_DWORD" /d "0" /f


:: General - Hide "People" bar in File Explorer.
reg add "HKCU\Software\Policies\Microsoft\Windows\Explorer" /v "HidePeopleBar" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable the Windows Connect Now wizard.
reg add "HKCU\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable and configure Windows Error Reporting.
reg add "HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" /v "DoReport" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting" /v "ForceQueueMode" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" /v "DWNoExternalURL" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" /v "DWNoFileCollection" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW" /v "DWNoSecondLevelCollection" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\HelpSvc" /v "Headlines" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\PCHealth\HelpSvc" /v "MicrosoftKBSearch" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" /v "DisableSendGenericDriverNotFoundToWER" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Settings" /v "DisableSendRequestAdditionalSoftwareToWER" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t "REG_DWORD" /d "1" /f


:: Security - Disable and configure Windows Remote Desktop and Remote Desktop Services.
reg add "HKCU\Software\Policies\Microsoft\Windows NT\Terminal Services" /v "AllowSignedFiles" /t "REG_DWORD" /d "0" /f
reg add "HKCU\Software\Policies\Microsoft\Windows NT\Terminal Services" /v "AllowUnsignedFiles" /t "REG_DWORD" /d "0" /f
reg add "HKCU\Software\Policies\Microsoft\Windows NT\Terminal Services" /v "DisablePasswordSaving" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Conferencing" /v "NoRDS" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS" /v "AllowRemoteShellAccess" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "AllowSignedFiles" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "AllowUnsignedFiles" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "CreateEncryptedOnlyTickets" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "DisablePasswordSaving" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowToGetHelp" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fAllowUnsolicited" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v "fDenyTSConnections" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client" /v "fEnableUsbBlockDeviceBySetupClass" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client" /v "fEnableUsbNoAckIsochWriteToDevice" /t REG_DWORD /d 80 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client" /v "fEnableUsbSelectDeviceByInterface" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings" /v "Enabled" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop" /v "Enabled" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework" /v "Enabled" /t "REG_DWORD" /d "0" /f

:: General - Disable online Fax services.
reg add "HKCU\Software\Policies\Microsoft\office\16.0\common\services\fax" /v "nofax" /t "REG_DWORD" /d "1" /f

:: Privacy - Disable CEIP for apps, and generally.
reg add "HKLM\SOFTWARE\Policies\Microsoft\AppV\CEIP" /v "CEIPEnable" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t "REG_DWORD" /d "0" /f


:: General (optional) - Disable Biometrics.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Biometrics" /v "Enabled" /t "REG_DWORD" /d "0" /f

:: Privacy (optional) - Disable the camera.
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Camera" /v "AllowCamera" /t "REG_DWORD" /d "0" /f

:: Privacy - Disable Find My Device.
reg add "HKLM\SOFTWARE\Policies\Microsoft\FindMyDevice" /v "AllowFindMyDevice" /t "REG_DWORD" /d "0" /f


:: Security - Disable pushing of apps for installation from the Windows store.
reg add "HKLM\SOFTWARE\Policies\Microsoft\PushToInstall" /v "DisablePushToInstall" /t "REG_DWORD" /d "1" /f


:: Privacy - Prevent Search Companion from downloading files from Microsoft.
reg add "HKLM\SOFTWARE\Policies\Microsoft\SearchCompanion" /v "DisableContentFileUpdates" /t "REG_DWORD" /d "1" /f


:: Privacy (optional) - Disable speech recognition udpates.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Speech" /v "AllowSpeechModelUpdate" /t "REG_DWORD" /d "0" /f


:: Privacy - Change NTP server to pool.ntp.org
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\Parameters" /v "NtpServer" /t REG_SZ /d "pool.ntp.org,0x8" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\Parameters" /v "Type" /t REG_SZ /d "NTP" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "CrossSiteSyncFlags" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "EventLogFlags" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "ResolvePeerBackoffMaxTimes" /t REG_DWORD /d 7 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "ResolvePeerBackoffMinutes" /t REG_DWORD /d 15 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "SpecialPollInterval" /t REG_DWORD /d 1024 /f


:: Privacy - Disable app access to user advertising information.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable Inventory Collector.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable Steps Recorder.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable (force deny) app access to personal data.
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCamera" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMessaging" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMicrophone" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessNotifications" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t REG_DWORD /d 2 /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t REG_DWORD /d 2 /f


:: General (optional) - Disable all apps from running in the background.
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d 2 /f


:: Privacy - Disable Windows Tips.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t "REG_DWORD" /d "1" /f


:: Privacy - Windows Consumer Features.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t "REG_DWORD" /d "1" /f


:: Security - Disable projecting (Connect) to the device, and require a pin for pairing.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "AllowProjectionToPC" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "RequirePinForPairing" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\WirelessDisplay" /v "EnforcePinBasedPairing" /t "REG_DWORD" /d "1" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings" /v "NoPresentationSettings" /t "REG_DWORD" /d "1" /f


:: Security - Disable Mobile Device Management (MDM) enrollment.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM" /v "DisableRegistration" /t "REG_DWORD" /d "1" /f



:: Security - Disable Autorun.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoAutorun" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDriveTypeAutoRun" /t REG_DWORD /d 255 /f




:: Privacy - Disable online content in Explorer.
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "AllowOnlineTips" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoInternetOpenWith" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoOnlinePrintsWizard" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoPublishingWizard" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoWebServices" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable game screen recording.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t "REG_DWORD" /d "0" /f


:: Privacy - Disable game information and options retrieval from the Internet.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameUX" /v "DownloadGameInfo" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameUX" /v "GameUpdateOptions" /t "REG_DWORD" /d "0" /f


:: Security/Privacy (optional) Disable HomeGroup.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\HomeGroup" /v "DisableHomeGroup" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable location and sensors.
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /t "REG_DWORD" /d "1" /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t "REG_DWORD" /d "1" /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableSensors" /t "REG_DWORD" /d "1" /f
rem reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableWindowsLocationProvider" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable automatic downloads of Map data.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AllowUntriggeredNetworkTrafficOnSettingsPage" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Maps" /v "AutoDownloadAndUpdateMapData" /t "REG_DWORD" /d "0" /f



:: Privacy - Disable Windows Insider Program.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "AllowBuildPreview" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds" /v "EnableConfigFlighting" /t "REG_DWORD" /d "0" /f


:: Security - Force process digital certificates when running executables.
::reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers" /v "authenticodeenabled" /t "REG_DWORD" /d "1" /f

:: Privacy - Disable setting sync.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "EnableBackupForWin8Apps" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSyncOnPaidNetwork" /t "REG_DWORD" /d "1" /f

:: Privacy - Disable setting sync for each item.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Messaging" /v "AllowMessageSync" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSync" /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSyncUserOverride" /t "REG_DWORD" /d "1" /f


:: Security - Disable picture passwords.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "BlockDomainPicturePassword" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable the Windows Connect Now wizard.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableFlashConfigRegistrar" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableInBand802DOT11Registrar" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t "REG_DWORD" /d "1" /f


:: Privacy - Disable Cortana.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCloudSearch" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortanaAboveLock" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t "REG_DWORD" /d "0" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t "REG_DWORD" /d "1" /f




:: SCHEDULED TASKS

:: Privacy - Disable telemetry scheduled tasks.
:: Disable Customer Experience Improvement Program (CEIP) tasks.
schtasks /change /tn "\Microsoft\Windows\Autochk\Proxy" /disable
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable
schtasks /change /tn "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable
schtasks /change /tn "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /disable
schtasks /change /tn "\Microsoft\Windows\PI\Sqm-Tasks" /disable



:: MISCELLANEOUS


:: Privacy - Do not show recently or frequently accessed files in Quick access (Explorer).
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowFrequent" /t "REG_DWORD" /d "0" /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /t "REG_DWORD" /d "0" /f

:: Privacy - Disable tailored experiences with diagnostic data.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Privacy" /v "TailoredExperiencesWithDiagnosticDataEnabled" /t "REG_DWORD" /d "0" /f

:: Privacy - Set NTP server to pool.ntp.org
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"

rem ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

rem Remove user account
net user defaultuser0 /delete
net user defaultuser100000 /delete

i have not updated those in some time i need to do update maybe when i upgrade to 21H2 still not offered....

use execTI or PowerRun, u might have to run them 2-3 times for everything to work

/thread closed

 

i also disable some services. such as indexing, connected user experiences and telemetry, and some remote services.

 

or:
right click the desktop - personalize - themes - desktop icon settings - untick the ones you want removed.

 

Just run everything blindly, what could go wrong?

 

Same here. Not much else. Anyone that disables stuff in the name of privacy will probably be back here later wondering why things don't work. If you are connected to the internet and/or using a smart phone you have no privacy.

 

Nope never really wondered about anything. Except why Bluetooth and devices won't open from settings. Everything else for me works perfectly. Oh yeah if u use mic u have to allow apps to use mic, because apps in this case is all programs, from privacy settings. That took me some time to figure it out but once u know it it's ez. In the same vein u can have a mic connected and if u disallow "apps" to use mic, literally nothing can use ur mic. Unless they regedit the change.

 

Changes? I undo the changes Microsoft made and put them back the way it was in Windows 10.

I don't want to have to relearn everything and I'm already used to things as they were.