hahndorf / set-privacy Goto Github PK
View Code? Open in Web Editor NEWPowerShell script to batch-change privacy settings in Windows 10
License: MIT License
PowerShell script to batch-change privacy settings in Windows 10
License: MIT License
There are a lot of registry value to change.
What does this function actually do?
On the first run of Set-Privacy.ps1
after a fresh install of Windows 10, I'm seeing a bunch of warnings:
PS > .\Set-Privacy.ps1 -Strong -Admin
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode changed to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseCredShared changed to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseOpen changed to 0
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry changed to 0
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:447 char:9
+ $acl = $key.GetAccessControl()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:448 char:9
+ $acl.SetOwner([System.Security.Principal.NTAccount]$adminGrou ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:449 char:9
+ $key.SetAccessControl($acl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:452 char:9
+ $acl.SetAccessRule($rule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:453 char:9
+ $key.SetAccessControl($acl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SpyNetReporting changed to 0
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent changed to 0
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:467 char:9
+ $acl.RemoveAccessRule($rule) | Out-Null
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At Set-Privacy.ps1:468 char:9
+ $key.SetAccessControl($acl)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Privacy settings changed
On the second run, everything seems to work fine:
PS > .\Set-Privacy.ps1 -Strong -Admin
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode already set to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseCredShared already set to 0
HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features\WiFiSenseOpen already set to 0
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry already set to 0
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SpyNetReporting already set to 0
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent already set to 0
Privacy settings changed
So it looks the script assumes a number of registry keys exist and it outputs warnings when they don't exist. The script must create those keys, because subsequent runs don't output warnings.
It's not a big deal by any means. Just thought I'd report it, since I think it might be confusing to many first-time users.
Brilliant script btw. I was expecting I'd have to write something like it myself, but Set-Privacy.ps1
does a better job than anything I'd come up with.
fix10.isleaked.com suggests:
sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
I would rather disable the services.
This is because various registry keys are missing, like all the ones for the Edge browser and other modern Apps.
The question is does anybody care? Why would you use this on Server Core?
Have you considered adding Set-Privacy.ps1
to the PowerShell Gallery?
It would make installing the script as easy as:
Install-Script Set-Privacy
Then the user doesn't have to worry about being in the right directory, or unblocking zip files or anything like that.
I've never tried adding a script to the gallery, but the instructions look pretty easy. However, I have recently published a PowerShell module on there, so I'd be happy to answer any questions I can.
It makes changes in the registry under those keys, but most of the privacy setting are not affected.
After manually setting the privacy settings to off I checked the registry and 3 had switched from allow to deny.
2297E4E2-.... -- Device access
52079E78-.... -- App Notifications
A8804298-.... -- Radio
They have also added "Privacy access" buttons that allow you to turn off most of the privacy setting for everyone on the computer from the looks of it.
Does anyone know where the registry keys for the "access" buttons are, or the other parts of the privacy settings?
Edit: Spelling
Is it possible to configure a GP within the script?
I'm thinking about disabling the Windows Automatic Update and OneDrive use on win 10 pro/enterprise.
https://www.windowscentral.com/how-disable-shared-experiences-windows-10
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
DWORD EnableCdp=1
In Feedback and Diagnostic. Right now I only have a Insiders Build which doesn't me allow to change this.
In line 451 the keyword BUILTIN is useed, but it is depending on the Language of Windows 10.
Line 451:
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("BUILTIN$adminGroupName","FullControl","Allow")
this shuld work :
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("$env:hostname$adminGroupName","FullControl","Allow")
So far I couldn't find the registry locations for these settings
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
SubscribedContent-338388Enabled DWORD
0 = Off
1 = On
Have you tested, that the Wifi Sense feature will be disabled?
I also engaged a little about this feature but came to a different resolution.
In my case setting the key
HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\features<user-sid>\FeatureStates to 828 disabled the Wifi Sense at least in the Settings UI of Win10 (Settings->Network->Wifi->Configure Wifi Settings).
I also found this post on stackoverflow
Any way, many thanks for sharing your knowledge.
Registry Hive | HKEY_CURRENT_USER |
---|---|
Registry Path | Software\Policies\Microsoft\Windows\CloudContent |
Value Name | DisableWindowsSpotlightFeatures |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |
all users
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search
AllowCloudSearch DWORD
(delete) = Default
0 = Disable
1 = Always enable
https://www.tenforums.com/tutorials/46494-enable-disable-cortana-lock-screen-windows-10-a.html
current user
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech_OneCore\Preferences
VoiceActivationEnableAboveLockscreen DWORD
0 = Off
1 = On
all users
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search
AllowCortanaAboveLock DWORD
(delete) = Enable
0 = Disable
See: http://windows.wonderhowto.com/inspiration/everything-you-need-disable-windows-10-0163552/
I don't have a Windows 10 with Wi-Fi, so I can't do this,
The "-" symbol before -Value (line 125) is incorrect.
https://www.tenforums.com/tutorials/100341-enable-disable-collect-activity-history-windows-10-a.html
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
PublishUserActivities DWORD
0 = Disable
1 = Enable
When using:
.\Set-Privacy.ps1 -Strong -Admin
I get:
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\AllowTelemetry changed to 0
Set-ItemProperty : Attempted to perform an unauthorized operation.
At E:\news\Set-Privacy.ps1:157 char:13
+ Set-ItemProperty -Path $Path -Name $Name -Value $value
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (SpyNetReporting:String) [Set-ItemProperty], UnauthorizedAccessExcepti
on
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SpyNetReporting changed to 0
this may be due to tightened security on a registry key.
This happened in 10.0.10586.218
The script sometimes gets errors on a German Windows 10 1607 DE.
This might be related to the $adminGroupName variable wich gets two values on a german system (Administratoren and Administratos).
PS-Output:
Der Wert "System.Object[]" vom Typ "System.Object[]" kann nicht in den Typ "System.Security.Principal.NTAccount"
konvertiert werden.
In Set-Privacy.ps1:523 Zeichen:9
$acl.SetOwner([System.Security.Principal.NTAccount]$adminGrou ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ausnahme beim Aufrufen von "SetAccessRule" mit 1 Argument(en): "Manche oder alle Identitätsverweise konnten nicht
übersetzt werden."
In Set-Privacy.ps1:527 Zeichen:9
$acl.SetAccessRule($rule)
~~~~~~~~~~~~~~~~~~~~~~~~~
HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent already set to 0
Ausnahme beim Aufrufen von "RemoveAccessRule" mit 1 Argument(en): "Manche oder alle Identitätsverweise konnten nicht
übersetzt werden."
In Set-Privacy.ps1:542 Zeichen:9
$acl.RemoveAccessRule($rule) | Out-Null
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Best wishes,
Markus
More Actions > Settings > View advanced settings. Enable Do Not Track requests and disable search suggestions, page prediction and SmartScreen filter. Make sure that Cortana is switched off too.
Hello everyone! If anyone could help me I would greatly appreciate it! So basically I have downloaded the code and unzipped it to my Desktop page. I want to be able to edit the code to change the privacy settings as it's something I have to regularly do at work and it's quite a tedious task. I'm trying to work the code but I have no clue how to work the programme.
If I want to change the settings in this programme do I have to change the $value to which ever setting I want e.g $disable ?
So far I have tried "Function ImproveTyping([int]$value)" and then changing the "$value" to "$disable" so that it will turn off that setting. However when I run the programme which I do in the unzipped folder that I unzipped and click "run with powershell" on the application. None of the settings that I have changed the $value seem to change at all. I have tried saving the programme and then refreshing the folder to get it to accept the new commands however I cannot get it to work in my favour.
Am I using the programme correctly by changing the $value commands via "Windows Powershell ISE"? I'm not sure how to work this sort of programme as I'm a total beginner. Any help would be much appreciated.
Thank You
-N00bProgrammer123
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.