hahndorf / set-privacy Goto Github PK

There are a lot of registry value to change.

What does this function actually do?

On the first run of Set-Privacy.ps1 after a fresh install of Windows 10, I'm seeing a bunch of warnings:

PS > .\Set-Privacy.ps1 -Strong -Admin
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode changed to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseCredShared changed to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseOpen changed to 0
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry changed to 0
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:447 char:9
+         $acl = $key.GetAccessControl()
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:448 char:9
+         $acl.SetOwner([System.Security.Principal.NTAccount]$adminGrou ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:449 char:9
+         $key.SetAccessControl($acl)
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:452 char:9
+         $acl.SetAccessRule($rule)
+         ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:453 char:9
+         $key.SetAccessControl($acl)
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SpyNetReporting changed to 0
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent changed to 0
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:467 char:9
+         $acl.RemoveAccessRule($rule) | Out-Null
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:468 char:9
+         $key.SetAccessControl($acl)
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Privacy settings changed

On the second run, everything seems to work fine:

PS > .\Set-Privacy.ps1 -Strong -Admin
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode already set to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseCredShared already set to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseOpen already set to 0
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry already set to 0
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SpyNetReporting already set to 0
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent already set to 0
Privacy settings changed

So it looks the script assumes a number of registry keys exist and it outputs warnings when they don't exist. The script must create those keys, because subsequent runs don't output warnings.

It's not a big deal by any means. Just thought I'd report it, since I think it might be confusing to many first-time users.

Brilliant script btw. I was expecting I'd have to write something like it myself, but Set-Privacy.ps1 does a better job than anything I'd come up with.

fix10.isleaked.com suggests:

sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f

I would rather disable the services.

This is because various registry keys are missing, like all the ones for the Edge browser and other modern Apps.

The question is does anybody care? Why would you use this on Server Core?

Have you considered adding Set-Privacy.ps1 to the PowerShell Gallery?

It would make installing the script as easy as:

Install-Script Set-Privacy

Then the user doesn't have to worry about being in the right directory, or unblocking zip files or anything like that.

I've never tried adding a script to the gallery, but the instructions look pretty easy. However, I have recently published a PowerShell module on there, so I'd be happy to answer any questions I can.

It makes changes in the registry under those keys, but most of the privacy setting are not affected.
After manually setting the privacy settings to off I checked the registry and 3 had switched from allow to deny.

2297E4E2-.... -- Device access
52079E78-.... -- App Notifications
A8804298-.... -- Radio

They have also added "Privacy access" buttons that allow you to turn off most of the privacy setting for everyone on the computer from the looks of it.

Does anyone know where the registry keys for the "access" buttons are, or the other parts of the privacy settings?

Edit: Spelling

Is it possible to configure a GP within the script?
I'm thinking about disabling the Windows Automatic Update and OneDrive use on win 10 pro/enterprise.

https://www.windowscentral.com/how-disable-shared-experiences-windows-10
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
DWORD EnableCdp=1

In Feedback and Diagnostic. Right now I only have a Insiders Build which doesn't me allow to change this.

In line 451 the keyword BUILTIN is useed, but it is depending on the Language of Windows 10.

Line 451:
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("BUILTIN$adminGroupName","FullControl","Allow")

this shuld work :
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("$env:hostname$adminGroupName","FullControl","Allow")

So far I couldn't find the registry locations for these settings

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager

SubscribedContent-338388Enabled DWORD

0 = Off
1 = On

Have you tested, that the Wifi Sense feature will be disabled?
I also engaged a little about this feature but came to a different resolution.
In my case setting the key
HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features<user-sid>\FeatureStates to 828 disabled the Wifi Sense at least in the Settings UI of Win10 (Settings->Network->Wifi->Configure Wifi Settings).
I also found this post on stackoverflow

Any way, many thanks for sharing your knowledge.

https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.CloudContent::DisableWindowsSpotlightFeatures

https://www.tenforums.com/tutorials/88731-enable-disable-cortana-showing-cloud-content-search-results.html

all users
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

AllowCloudSearch DWORD

(delete) = Default
0 = Disable
1 = Always enable

https://www.tenforums.com/tutorials/46494-enable-disable-cortana-lock-screen-windows-10-a.html
current user
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech_OneCore\Preferences

VoiceActivationEnableAboveLockscreen DWORD

0 = Off
1 = On

all users
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search

AllowCortanaAboveLock DWORD

(delete) = Enable
0 = Disable

See: http://windows.wonderhowto.com/inspiration/everything-you-need-disable-windows-10-0163552/

I don't have a Windows 10 with Wi-Fi, so I can't do this,

The "-" symbol before -Value (line 125) is incorrect.

https://www.tenforums.com/tutorials/100341-enable-disable-collect-activity-history-windows-10-a.html
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

PublishUserActivities DWORD

0 = Disable
1 = Enable

When using:

 .\Set-Privacy.ps1 -Strong -Admin

I get:

 HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry changed to 0
 Set-ItemProperty : Attempted to perform an unauthorized operation.
 At E:\news\Set-Privacy.ps1:157 char:13
 +             Set-ItemProperty -Path $Path -Name $Name -Value $value
 +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : PermissionDenied: (SpyNetReporting:String) [Set-ItemProperty], UnauthorizedAccessExcepti
    on
     + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

 HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SpyNetReporting changed to 0

this may be due to tightened security on a registry key.
This happened in 10.0.10586.218

The script sometimes gets errors on a German Windows 10 1607 DE.
This might be related to the $adminGroupName variable wich gets two values on a german system (Administratoren and Administratos).

PS-Output:
Der Wert "System.Object[]" vom Typ "System.Object[]" kann nicht in den Typ "System.Security.Principal.NTAccount"
konvertiert werden.
In Set-Privacy.ps1:523 Zeichen:9

•     $acl.SetOwner([System.Security.Principal.NTAccount]$adminGrou ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidArgument: (:) [], RuntimeException
  • FullyQualifiedErrorId : ConvertToFinalInvalidCastException

Ausnahme beim Aufrufen von "SetAccessRule" mit 1 Argument(en): "Manche oder alle Identitätsverweise konnten nicht
übersetzt werden."
In Set-Privacy.ps1:527 Zeichen:9

•     $acl.SetAccessRule($rule)
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], MethodInvocationException
  • FullyQualifiedErrorId : IdentityNotMappedException

HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent already set to 0
Ausnahme beim Aufrufen von "RemoveAccessRule" mit 1 Argument(en): "Manche oder alle Identitätsverweise konnten nicht
übersetzt werden."
In Set-Privacy.ps1:542 Zeichen:9

•     $acl.RemoveAccessRule($rule) | Out-Null
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], MethodInvocationException
  • FullyQualifiedErrorId : IdentityNotMappedException

Best wishes,
Markus

More Actions > Settings > View advanced settings. Enable Do Not Track requests and disable search suggestions, page prediction and SmartScreen filter. Make sure that Cortana is switched off too.

Hello everyone! If anyone could help me I would greatly appreciate it! So basically I have downloaded the code and unzipped it to my Desktop page. I want to be able to edit the code to change the privacy settings as it's something I have to regularly do at work and it's quite a tedious task. I'm trying to work the code but I have no clue how to work the programme.

If I want to change the settings in this programme do I have to change the $value to which ever setting I want e.g $disable ?

So far I have tried "Function ImproveTyping([int]$value)" and then changing the "$value" to "$disable" so that it will turn off that setting. However when I run the programme which I do in the unzipped folder that I unzipped and click "run with powershell" on the application. None of the settings that I have changed the $value seem to change at all. I have tried saving the programme and then refreshing the folder to get it to accept the new commands however I cannot get it to work in my favour.

Am I using the programme correctly by changing the $value commands via "Windows Powershell ISE"? I'm not sure how to work this sort of programme as I'm a total beginner. Any help would be much appreciated.

Thank You
-N00bProgrammer123