Jump to content











Photo
* * * * * 2 votes

Windows 10 Enterprise LTSB - Mother of all tweak scripts

win10 windows 10 script tweaks

  • Please log in to reply
159 replies to this topic

#26 ericgl

ericgl

    Frequent Member

  • Expert
  • 314 posts
  •  
    Israel

Posted 05 August 2015 - 08:08 AM

Script updated to v0.8:

 

 - Added Don't allow Windows 10 to repair itself from Windows Update.

 

This is a VERY RISKY setting, but it's also the solution to our problem.

The problem was, that after we performed all those tweaks, Windows Update would restore files, folders & reg keys in order to "repair" the OS.

With this setting enabled - we now have more control  :victory:.


  • Nuno Brito and broodplank like this

#27 ericgl

ericgl

    Frequent Member

  • Expert
  • 314 posts
  •  
    Israel

Posted 05 August 2015 - 12:11 PM

Nuno,

Thanks for featuring my script in the Reboot.pro mailing list.

Cheers.



#28 dyn5

dyn5
  • Members
  • 9 posts
  •  
    Germany

Posted 05 August 2015 - 02:47 PM

Hey thanks for your work

 

Just a question where you could might help me.

After i applied everything i can't move files in my network anymore.

It says file not found.

Oh and also as a german, i can give you a tip with the temp folder thingy.

The group name needs to be Administratoren on german Windows.

 

And i can't install the background reg file. Even i used acl to set permissions I still have no permissions to install the regfile.

 

thanks in advance



#29 broodplank

broodplank

    Newbie

  • Members
  • 15 posts
  • Location:Nijmegen
  •  
    Netherlands

Posted 05 August 2015 - 03:25 PM

Hey thanks for your work

 

Just a question where you could might help me.

After i applied everything i can't move files in my network anymore.

It says file not found.

Oh and also as a german, i can give you a tip with the temp folder thingy.

The group name needs to be Administratoren on german Windows.

 

And i can't install the background reg file. Even i used acl to set permissions I still have no permissions to install the regfile.

 

thanks in advance

 

Indeed I can also not apply the reg file, I looked up the key in regedit, and it doesn't even exist in my case. which is why it fails I assume?

 

Also I only used english windows even though I'm dutch. but I believe Microsoft should set a standard of english names for things like that for the sake of programmers. code shouldn't have to be changed for different OS languages imo



#30 dyn5

dyn5
  • Members
  • 9 posts
  •  
    Germany

Posted 05 August 2015 - 03:36 PM

Indeed I can also not apply the reg file, I looked up the key in regedit, and it doesn't even exist in my case. which is why it fails I assume?

 

Also I only used english windows even though I'm dutch. but I believe Microsoft should set a standard of english names for things like that for the sake of programmers. code shouldn't have to be changed for different OS languages imo

 

everybody is cooking their own soup ^^



#31 ericgl

ericgl

    Frequent Member

  • Expert
  • 314 posts
  •  
    Israel

Posted 05 August 2015 - 03:49 PM

@dyn5,

 

I stated earlier that one of the "reg delete" commands causes a problem: You cannot rename folders anymore.

Please understand that this script is a work in progress, and look at it as beta release.

I'm trying to track down the exact command which caused this issue, but it's not simple.

I will report here when I find the fix.

 

I've added a preliminary step to the script:

Backup your entire registry before running any code from the script.



#32 dyn5

dyn5
  • Members
  • 9 posts
  •  
    Germany

Posted 05 August 2015 - 03:59 PM

thank you i will look forward to that



#33 NetworkPro

NetworkPro
  • Members
  • 7 posts
  •  
    Bulgaria

Posted 05 August 2015 - 04:47 PM

Here's a tool with source code that may be doing something more or differently than the script. Worth a look and maybe even joining forces!

 

http://www.reddit.co...ows_10_privacy/

 

https://github.com/1...acking/releases

 

Cheers!


  • bacwolf likes this

#34 greenworld

greenworld
  • Members
  • 4 posts
  •  
    Palestine

Posted 05 August 2015 - 06:24 PM

Thanks for the nice scripts. If possible, please save all these in a single zip file and provide us.

I stopped downloading Windows 10, when I read about its spying. But I think now I should give a try to it with help of your tweaks.



#35 daddy_fizz

daddy_fizz
  • Members
  • 8 posts

Posted 05 August 2015 - 08:23 PM

REM *** Set Windows Explorer to start on This PC instead of Quick Access ***
REM 1 = This PC, 2 = Quick access
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /f /v "LaunchTo" /t REG_DWORD /d 1 /f

 

 

This one has an extra /F in it...



#36 broodplank

broodplank

    Newbie

  • Members
  • 15 posts
  • Location:Nijmegen
  •  
    Netherlands

Posted 05 August 2015 - 08:39 PM

Here's a tool with source code that may be doing something more or differently than the script. Worth a look and maybe even joining forces!

 

http://www.reddit.co...ows_10_privacy/

 

https://github.com/1...acking/releases

 

Cheers!

 

 

Nice tool, also made something like it, but more extended. I was shocked by it's size tho. 9mb for a few registry edits, that's insane. apparently a compiled python script includes the whole runtime. (used Procmon to see what it did because it looked somewhat suspicious)

 

 

 



#37 ericgl

ericgl

    Frequent Member

  • Expert
  • 314 posts
  •  
    Israel

Posted 05 August 2015 - 09:17 PM

This one has an extra /F in it...

 

Thanks for noticing! Fixed.



#38 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 737 posts
  •  
    United Nations

Posted 05 August 2015 - 10:01 PM

Hello.

Few days ago I was doing similar things manually...WU at WIN10 is run over and repair itself.

Then i found Telemetry destroyer program - same thing.

It genuinely wouldn't surprise me if these telemetry removers were made by spying enforcement agencies to give idiots a false sense of security.

Windows 10 is like the virus.Will repair itself online from WU from any registry tweak we made. We can disable WU completely but that is death end...


The worst thing in W10 is "Wi-Fi Sense" nonSense - who leaks your wifi password to strangers...

People delude themselves that are safe messing a couple of things in OS.
 
If we delete telemetry Microsoft will stop spying us ? :dubbio:

 

There are a lot of the agencies that are doing same thing .

You must ban at least 766.065.001 IPs from here to do that  https://www.iblockli...ategory=general
:rofle: 

Because that i use PeerBlock for Windows & Linux at home. . .

And this is also not a 100% complete solution for privacy. :wheelchair: 

Required beast hardware(ASA/PIX/IOS Router) to block them all before OS :hyper:



#39 ericgl

ericgl

    Frequent Member

  • Expert
  • 314 posts
  •  
    Israel

Posted 05 August 2015 - 10:33 PM

@Mikorsit,

 

For the most part, you're right. Best protection is from outside the OS, between your PC(s) and the Internet.

But did you see the new section in my script:

Don't allow Windows 10 to repair itself from Windows Update

 

Should work...


  • NetworkPro likes this

#40 daddy_fizz

daddy_fizz
  • Members
  • 8 posts

Posted 05 August 2015 - 11:08 PM

Here are all the reg keys I found for enabling and disabling the items listed under Settings --> Privacy in Windows 10.  Feel free to add them to your script

 

http://reboot.pro/fi...ivacy-reg-keys/


Edited by daddy_fizz, 05 August 2015 - 11:09 PM.

  • NetworkPro likes this

#41 broodplank

broodplank

    Newbie

  • Members
  • 15 posts
  • Location:Nijmegen
  •  
    Netherlands

Posted 05 August 2015 - 11:13 PM

Here are all the reg keys I found for enabling and disabling the items listed under Settings --> Privacy in Windows 10.  Feel free to add them to your script

 

http://reboot.pro/fi...ivacy-reg-keys/

 

Hmm trying to download it but I don't have permission.. can you upload it on pastebin or so?



#42 daddy_fizz

daddy_fizz
  • Members
  • 8 posts

Posted 05 August 2015 - 11:35 PM

First time I've used the reboot.pro upload tool, I might have done something wrong - here it is on google drive for now

 

https://drive.google...iew?usp=sharing


  • bacwolf likes this

#43 broodplank

broodplank

    Newbie

  • Members
  • 15 posts
  • Location:Nijmegen
  •  
    Netherlands

Posted 05 August 2015 - 11:39 PM

First time I've used the reboot.pro upload tool, I might have done something wrong - here it is on google drive for now

 

https://drive.google...iew?usp=sharing

 

Thank you very much



#44 pxe

pxe
  • Members
  • 6 posts
  •  
    United States

Posted 06 August 2015 - 03:12 AM

@ericgl, since you seem really good at finding these registry settings, any idea where the SIZE of the start menu is saved? I am specifying a 'Start layout' with gpedit.msc, but that only contains the contents, not the width or height. I want several users to have minimal start menus. 

 

To disable Wi-Fi Sense, set 'value' to 0 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots.

 

If you prefer the Dark theme in Edge, you can change 'Theme' to 1 in HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main

 

 

REM VERSION: 0.8 
REM DATE LAST MODIFIED: 2015-08-05
CREATOR: ERICGL
 


Edited by pxe, 06 August 2015 - 03:28 AM.


#45 aizuon

aizuon
  • Members
  • 5 posts
  •  
    United Kingdom

Posted 06 August 2015 - 04:49 AM

todays update reverted some of the registry keys back had a lot of trouble...

windows just wont give up



#46 ericgl

ericgl

    Frequent Member

  • Expert
  • 314 posts
  •  
    Israel

Posted 06 August 2015 - 06:59 AM

@pxe,

Thanks for your suggestions. I will check the strings, and add it to the script (I don't use WiFi on my machine, so I haven't seen WiFi Sense rear its ugly head).

Also, I use Win10 Enterprise LTSB, which comes with Edge disabled. It only features IE11 as the default browser. I'll check those strings as well, and add them.

Regarding the Width/Height of the start menu - I will try to locate those values in the registry. The width seems to be multiples of around 150 pixels, but the height is much more granular.

 

@aizuon,

I'm running Windows Update now. Will check what its doing on my Win10 machine.

Thanks.

 

Now to another important matter:

 

Someone on MDL forums reported that the registry key for the stubborn scheduled task "BackgroundUploadTask" is in a different location than mine (which is alarming in terms of scripting).

 
On his machine, it's located at:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18E3AD12-4E0A-4293-AE32-2B1F14BF8C9C}
 
On my machine, it's located at:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}
 
Could you guys please check where this task is located on your machine(s)?
It would help me create a better script for this annoying task.


#47 NetworkPro

NetworkPro
  • Members
  • 7 posts
  •  
    Bulgaria

Posted 06 August 2015 - 07:19 AM

I noticed that  10se1ucgo tool ( https://github.com/1...ableWinTracking) tries to block IPs through hosts file which does not work.
 
The IPs can be blocked by routing them to On-Link "0.0.0.0" like this:
 
 
route -p add 65.55.108.23 MASK 255.255.255.255 0.0.0.0
route -p add 65.39.117.230 MASK 255.255.255.255 0.0.0.0
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
route -p add 134.170.30.202 MASK 255.255.255.255 0.0.0.0
route -p add 137.116.81.24 MASK 255.255.255.255 0.0.0.0
route -p add 204.79.197.200 MASK 255.255.255.255 0.0.0.0
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
More ways to catch outgoing connections:

- Windows Firewall Control or http://wfn.codeplex.com/releases
- GlassWire

Edited by NetworkPro, 06 August 2015 - 07:25 AM.


#48 freesoft00

freesoft00

    Newbie

  • Members
  • 29 posts
  •  
    China

Posted 06 August 2015 - 07:58 AM

Friends, how to prohibit DNS Client Events logged in system log

Have visited the Web site address
  • Nuno Brito likes this

#49 freesoft00

freesoft00

    Newbie

  • Members
  • 29 posts
  •  
    China

Posted 06 August 2015 - 11:10 AM

BTW, once all the "data leakage" tweaks have been performed, it's a good idea to add the following to the hosts file:
 
 


#BLOCK Microsoft Telemetry and data sending
#-----------------------------------------------------------
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
EDIT: As suggested by Wonko (and his source), I've replaced 127.0.0.1 to 0.0.0.0.

Indeed, it seems better to use 0.0.0.0:
screenshot_1.png

0.0.0.0 is IPv4
IPv6 no need to stop it

#50 dyn5

dyn5
  • Members
  • 9 posts
  •  
    Germany

Posted 06 August 2015 - 11:13 AM

 

@pxe,

Thanks for your suggestions. I will check the strings, and add it to the script (I don't use WiFi on my machine, so I haven't seen WiFi Sense rear its ugly head).

Also, I use Win10 Enterprise LTSB, which comes with Edge disabled. It only features IE11 as the default browser. I'll check those strings as well, and add them.

Regarding the Width/Height of the start menu - I will try to locate those values in the registry. The width seems to be multiples of around 150 pixels, but the height is much more granular.

 

@aizuon,

I'm running Windows Update now. Will check what its doing on my Win10 machine.

Thanks.

 

Now to another important matter:

 

Someone on MDL forums reported that the registry key for the stubborn scheduled task "BackgroundUploadTask" is in a different location than mine (which is alarming in terms of scripting).

 
On his machine, it's located at:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18E3AD12-4E0A-4293-AE32-2B1F14BF8C9C}
 
On my machine, it's located at:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00524425-019B-4FDD-B1C5-04767424D01B}
 
Could you guys please check where this task is located on your machine(s)?
It would help me create a better script for this annoying task.

 

 

on my surface pro 3 it's

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD141D6-4BC2-4050-A647-DC57E9244497}







Also tagged with one or more of these keywords: win10, windows 10, script, tweaks

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users