Get best of the week

German Data Protection Authority: telemetry in Windows 10 1909 Enterprise can be completely disabled

Telemetry has long been a hotly debated topic since Microsoft released the first version of Windows 10. Microsoft decided to deeply integrate data collection into the operating system - so deeply that user editions of Windows 10 Home and Windows 10 Pro did not have the option to completely disable telemetry.

Even the Enterprise and Education editions included telemetry, but came with a special setting intended only for these editions.

Home and Pro users can choose between “Full” and “Basic” telemetry levels. Basic restricts the transfer of information to Microsoft, but does not block sending completely. The Enterprise and Education editions have the Security telemetry option, which significantly limits the collection and transmission of data.



The State Data Protection Supervisory Authority of Bavaria has published a report on its activities for 2019. The report contains information about data collection analysis of Windows 10 Enterprise version 1909.

The report, which can be downloaded here(in German, .PDF), it is stated that organizations that can purchase editions of Windows 10 Enterprise and Windows 10 Education can completely disable sending telemetry data in Windows 10 version 1909.

The test setup was identical to other tests conducted to find out the data sent Windows 10. Windows 10 Enterprise version 1909 was installed in the laboratory, and all system traffic, both inbound and outbound, was recorded and analyzed.

The telemetry level of the Windows 10 device was set to Security, and the tools / settings provided by Microsoft were used to eliminate the telemetry actions.

The management found that in the laboratory it was possible to completely disable sending telemetry data on computers running Windows 10 Enterprise (and Education) version 1909.

According to the management, the test results should be verified in real conditions. Telemetry will not be an obstacle to data protection in systems running Windows 10 Enterprise or Education, if real testing confirms this.

Management notes that the situation is different for Windows 10 Pro (and Home) systems, since data collection cannot be completely disabled in these releases.

PS Personally, I "struggle" with telemetry in this way. Taken from here .

Hidden text
# Turn off "Connected User Experiences and Telemetry" service
#   "      "
Get-Service -Name DiagTrack | Stop-Service -Force
Get-Service -Name DiagTrack | Set-Service -StartupType Disabled

# Turn off per-user services
#  c   
$services = @(
	# Contact Data
	#   
	"PimIndexMaintenanceSvc_*"
	# User Data Storage
	#    
	"UnistoreSvc_*"
	# User Data Access
	#     
	"UserDataSvc_*"
)
Get-Service -Name $services | Stop-Service -Force
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\PimIndexMaintenanceSvc -Name Start -PropertyType DWord -Value 4 -Force
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\PimIndexMaintenanceSvc -Name UserServiceFlags -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\UnistoreSvc -Name Start -PropertyType DWord -Value 4 -Force
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\UnistoreSvc -Name UserServiceFlags -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\UserDataSvc -Name Start -PropertyType DWord -Value 4 -Force
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\UserDataSvc -Name UserServiceFlags -PropertyType DWord -Value 0 -Force

# Stop event trace sessions
#    
Get-EtwTraceSession -Name DiagLog -ErrorAction Ignore | Remove-EtwTraceSession

# Turn off the data collectors at the next computer restart
#       
Update-AutologgerConfig -Name DiagLog, Diagtrack-Listener -Start 0 -ErrorAction Ignore

# Set the operating system diagnostic data level
#     
if ((Get-WindowsEdition -Online).Edition -eq "Enterprise" -or (Get-WindowsEdition -Online).Edition -eq "Education")
{
	# "Security"
	# ""
	New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection -Name AllowTelemetry -PropertyType DWord -Value 0 -Force
}
else
{
	# "Basic"
	# ""
	New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection -Name AllowTelemetry -PropertyType DWord -Value 1 -Force
}

# Turn off Windows Error Reporting
#     Windows
New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Windows Error Reporting" -Name Disabled -PropertyType DWord -Value 1 -Force

# Change Windows Feedback frequency to "Never"
#      ""
if (-not (Test-Path -Path HKCU:\Software\Microsoft\Siuf\Rules))
{
	New-Item -Path HKCU:\Software\Microsoft\Siuf\Rules -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\Siuf\Rules -Name NumberOfSIUFInPeriod -PropertyType DWord -Value 0 -Force

# Turn off diagnostics tracking scheduled tasks
#    
$tasks = @(
	# Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.
	#             
	"Microsoft Compatibility Appraiser"
	# Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program
	#           
	"ProgramDataUpdater"
	# This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program
	#       SQM        
	"Proxy"
	# If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft
	#             Windows,             
	"Consolidator"
	# The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine
	#         USB (USB CEIP)          USB    
	"UsbCeip"
	# The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program
	#  ,       ,    Windows          
	"Microsoft-Windows-DiskDiagnosticDataCollector"
	# Protects user files from accidental loss by copying them to a backup location when the system is unattended
	#             ,      
	"File History (maintenance mode)"
	# Measures a system's performance and capabilities
	#     
	"WinSAT"
	# This task shows various Map related toasts
	#      ( )  ""
	"MapsToastTask"
	# This task checks for updates to maps which you have downloaded for offline use
	#       ,    
	"MapsUpdateTask"
	# Initializes Family Safety monitoring and enforcement
	#       
	"FamilySafetyMonitor"
	# Synchronizes the latest settings with the Microsoft family features service
	#          
	"FamilySafetyRefreshTask"
	# Windows Error Reporting task to process queued reports
	#       
	"QueueReporting"
	# XblGameSave Standby Task
	"XblGameSaveTask"
)

# If device is not a laptop
#     
if ((Get-CimInstance -ClassName Win32_ComputerSystem).PCSystemType -ne 2)
{
	# HelloFace
	$tasks += "FODCleanupTask"
}
Get-ScheduledTask -TaskName $tasks | Disable-ScheduledTask

# Do not use sign-in info to automatically finish setting up device and reopen apps after an update or restart
#                 
$SID = (Get-CimInstance -ClassName Win32_UserAccount | Where-Object -FilterScript {$_.Name -eq $env:USERNAME}).SID
if (-not (Test-Path -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$sid"))
{
	New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$SID" -Force
}
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserARSO\$sid" -Name OptOut -PropertyType DWord -Value 1 -Force

# Do not let websites provide locally relevant content by accessing language list
#   -         
New-ItemProperty -Path "HKCU:\Control Panel\International\User Profile" -Name HttpAcceptLanguageOptOut -PropertyType DWord -Value 1 -Force

# Do not allow apps to use advertising ID
#      
if (-not (Test-Path HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo))
{
	New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Name Enabled -PropertyType DWord -Value 0 -Force

# Do not let apps on other devices open and message apps on this device, and vice versa
#                
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CDP -Name RomeSdkChannelUserAuthzPolicy -PropertyType DWord -Value 0 -Force

# Do not show the Windows welcome experiences after updates and occasionally when I sign in to highlight what's new and suggested
#     Windows      ,       
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SubscribedContent-310093Enabled -PropertyType DWord -Value 0 -Force

# Get tip, trick, and suggestions as you use Windows
#  ,      Windows
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SubscribedContent-338389Enabled -PropertyType DWord -Value 1 -Force

# Do not show suggested content in the Settings app
#       ""
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SubscribedContent-338393Enabled -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SubscribedContent-353694Enabled -PropertyType DWord -Value 0 -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SubscribedContent-353696Enabled -PropertyType DWord -Value 0 -Force

# Turn off automatic installing suggested apps
#     
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager -Name SilentInstalledAppsEnabled -PropertyType DWord -Value 0 -Force

# Do not suggest ways I can finish setting up my device to get the most out of Windows
#   e        Windows
if (-not (Test-Path HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement))
{
	New-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement -Force
}
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement -Name ScoobeSystemSettingEnabled -PropertyType DWord -Value 0 -Force

# Do not offer tailored experiences based on the diagnostic data setting
#    ,      
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Privacy -Name TailoredExperiencesWithDiagnosticDataEnabled -PropertyType DWord -Value 0 -Force


Also from the author’s site: comparison of all programs to disable telemetry

Source: https://habr.com/ru/post/undefined/

More articles:


All Articles