
“Reclaim Windows 10” Powershell Script - maxt
https://gist.github.com/alirobe/7f3b34ad89a159e6daa1
======
mnadkvlb
I had been a long time Windows user, at home (W10) and
work(7/Server/Datacenter). Windows had been getting just more and more
intrusive like a malware since the last couple years. I hope they do something
to stop that. I have recently moved to Fedora and it is just awesome. Pretty
much everything works like amazing. Its not a complete replacement if you are
gaming, nvidia drivers are a bit painful to install but everything else just
works. Its been stable even after an update to Fedora 24->25\. I am so amazed
at how far linux has come. I am so satisfied with it that i am not moving back
to Windows for home usage.

I hope Microsoft stops with auto-update, otherwise the alternatives are also
catching up fast if you are not a gamer.

~~~
KirinDave
"Everything just works" so long as your expectations around "everything" are
essentially set by a desktop computer experience designed in 2005.

Linux on desktops is fine (except from a physical security standpoint), but
primitive in terms of UX. And it's still dependent on Mozilla or Google for
its browsing experience.

And if you want a portable computer (which by the way are demonstrably more
secure in the face of physical tampering) you basically relegate yourself to
terrible battery life, poor display support, dicey sleep support, and the
fixes for these often compromise performance.

I really wish Linux users would stop softballing their desktop vendors and
kernel maintainers so much. It's just not competitive!

~~~
corndoge
It's not primitive in terms of UX. You just need to spend more time
configuring it. Some will argue that that means it's primitive, but I don't
think so.

The point about portable computers is also false. You just need to pick a
machine with hardware manufactured by friendly vendors who help write drivers.
Why would you want to support anyone else?

Battery life? My x230 with tpm installed gets 6 hours of battery life on the
stock battery.

Display support? I'm using a 2560x1440 monitor with the mini displayport on my
x230 right now and have had no issues with it whatsoever. Plays Quake 3 great
too, no tearing. Debian Jessie.

Sleep support?

/etc/systemd/logind.conf

HandleLidSwitch=suspend

Performance issues? My system idles at 200mb. Good luck getting macOS or
Windows to do that. And to preempt the bias card, I use a Mac for work and
love it to death. I think most of your points were applicable in 2005. The
terrain has changed and the mainstream Linux distributions are now very stable
and usable daily driver systems.

Linux is more than competitive, it's just not targeted at inexperienced users.
Which is fine. Not everyone has the need or want to configure their computer
to suit them. Some people just need a computer that works. That's why macOS
and Windows exist.

~~~
KirinDave
> It's not primitive in terms of UX. You just need to spend more time
> configuring it. Some will argue that that means it's primitive, but I don't
> think so.

Okay, so... let's just think about what you said for a second. Windows 10 and
Mac OS X deliver extremely high end configuration with a lot of extensibility
in their Window managers via first and third parties _without extensive
modifications_. I have some unique XMonad configurations too! But if I have to
be a direct contributor to my experience, I remove a lot of the credit from
the people who shipped the software, because they basically sent me an SDK for
making a good UI environment.

> The point about portable computers is also false. You just need to pick a
> machine with hardware manufactured by friendly vendors who help write
> drivers. Why would you want to support anyone else?

Yeah. "Lenovo is friendly" is not a very compelling argument. Their support
and sales are miserable. Their machines are unimpressive. Their supported
versions of Linux are years out of date.

> Battery life? My x230 with tpm installed gets 6 hours of battery life on the
> stock battery.

My surface book gets 6 hours of battery life even if I'm compiling android
binaries regularly. Without changing anything.

> HandleLidSwitch=suspend

Are you actually going to pretend that sleep support isn't a major issue for
many portable hardware setups? Or is this restricted to "only specific token
gesture devices from specific vendors?"

> Performance issues? My system idles at 200mb. Good luck getting macOS or
> Windows to do that.

What does this have to do with performance?

> The terrain has changed and the mainstream Linux distributions are now very
> stable and usable daily driver systems.

So.. tell me... does Canonical's kernel update purge old kernel images yet, or
are regular users still SOL after about 8 months of use unless they invoke a
shell script they barely understand provided by stack overflow? Asking for a
friend who I had to do this form.

> Linux is more than competitive,

If Linux is only for experienced users but both OSX and Windows can deliver to
the full spectrum, then that's a superset, doge.

This kind of double standard is why linux ends up getting overhyped.

~~~
corndoge
at least I don't have to run 300 lines of powershell to remove telemetry and
candy crush soda saga from my brand new computer

checkmate

~~~
KirinDave
I don't either, and I never did. My brand new computer shipped without
spamware, because I chose a reputable vendor like Microsoft and not famously
abusive vendors like, say, Lenovo.

I'm not terribly concerned about app or browser telemetry. If you're using
Chrome, you're spitting back a ton. Firefox? Still sending some! Your mobile
device? Spitting back a ton. Everyone other machine? Also doing so. Canonical?
Also doing some, although to their credit it's less.

You have basically equated all telemetry with intrusive spyware, when in fact
it's usually banal data designed to make it easy to identify problems after a
bad software push. While maybe we _could_ have a discusion about where to draw
the line of "too much" for Windows 10, you've set such a profound double
standard you won't even allow a dialogue about it.

~~~
yankcrime
OP's comment around Candy Crush has nothing to do with Lenovo and everything
to do with Microsoft. It happens - by default - on clean installs of Windows
10.

------
raffapen
Being heavily involved in setting up standard developer workstations, I
consider this to be the only practical approach. It's way beyond any specific
config item (including telemetry). This is a sure way to get to a stable and
consistent configuration.

A few comments:

\- It is better to split such a mega-script into a set of named scripts, so
admins can mix-and-match their own configuration set. \- The configuration set
scripts should be re-entrant, that is, one can run it few times in a row,
achieving the same stable result. This is an important principle because those
scripts evolve over time until they are are stable, so the re-entrancy enabled
the re-configuration game.

\- Some configuration items are system-based while other are user-account-
based. This means that the latter should be invoked automatically once a new
user account is created.

\- VM is your friend. Wash, rinse, repeat.

\- It is not always wise to replace automation (PowerShell) invocations with
direct registry modifications. Tradeoffs should be obvious.

\- MDT setups should avoid direct system configuration wherever possible, and
rely on configuration scripts instead.

\- One of the features still not possible to script is setting the policy
startup/shutdown/login/logout scripts. One can provide this manually in a base
workstation image.

\- Esp. on Windows systems prior to Windows 10: make sure PowerShell is stable
- version and module-wise.

~~~
anton_gogolev
I believe the word you're looking for in your very first list item is
"idempotent", not "re-entrant".

~~~
raffapen
Right. One should ensure that simply re-invoking the script will not break
anything by itself. The end result between invocations may be different if
scripts are modified between invocations, as getting configuration right is a
tricky business.

------
cwyers
I seriously doubt that Windows 10 is doing anything so grave as to require you
to run some arbitrary PowerShell script you found on the Internet with
elevated privileges. If you do not understand every single command in this
thing, you should avoid it, and if you understand every single command in
this, you don't need it.

~~~
bdevine
Up voted for this:

"If you do not understand every single command in this thing, you should avoid
it, and if you understand every single command in this, you don't need it."

It's so universally applicable!

~~~
vocatus_gate
Not true - automation is great! I understand the script and would use it.

~~~
nerflad
Agree -- people are missing the point that this stuff would easily take over
an hour to do manually in the GUI.

------
bostand
I don't consider win10 telemetry that bad. You can dial it down a lot until
it's just sending crash data when thing go bad. Pretty much all OSes have
this.

What I _really_ don't like however is Microsoft pushing garbage like candy
crush to my machine without my consent.

~~~
kenjackson
What's the problem with telemetry in general? For almost all of the important
products I use I like to send usage info -- my expectation is that they're
more likely to improve features that I use as a result.

And if you use a web app, e.g., Google Apps, they get all this data plus more
(and completely not anonymized).

~~~
tux1968
Don't want any extra network usage when i'm connected to my cell phone hotspot
and using up my monthly data cap.

~~~
cobalt
windows has a 'metered' mode for network connections. I don't know if this
will stop said usage, but you could check

------
jmnicolas
We shouldn't have to fight the OS, this is ridiculous.

Before moving definitively to Linux I'm considering installing a proxy on my
router, bloc all ports except one and just redirect Firefox and a few apps
that need connectivity to this port.

I'm not a network guy though, might be complicated.

~~~
Tenoke
>We shouldn't have to fight the OS, this is ridiculous.

I know what you mean, but as a Linux user, I feel like I'm spending a fair
amount of time fighting the OS, too..

------
tossedaway334
Stuff like this is fundamentally unworkable when the people pushing software
updates are your adversaries. They already do stuff like ignore DNS settings
and firewall rules to send harvested data back to microsoft. They will almost
certainly break anything this does in the future too...

~~~
frik
Exactly. Windows 10 has a hard coded whitelist of IPs and donain names in the
kernel mode part of the OS (it's 64bit, it's signed, you can't modify it) -
those IPs and domains will be ignored from your hosts file or firewall rules.
Good luck with an hardware firewall attached to your Win10 notebook.
...unrealistic, so it's wise to stay with Win7 (minus some telemetry updates).
I hope Android/Fuchsia, and other desktop OS come along until 2020, or MSFT
CEO gets fired and they make a 180 degree u-turn.

------
airencracken
Rather than continuing to struggle against these features which will continue
to be added, why not use an operating system that respects your freedom?

~~~
jasonlotito
As someone who uses the big three desktops daily, freedom is just one facet. I
also want an operating system that respects my time. None of the free
operating systems out there do that.

Considering the state of Ubuntu, probably the "easiest" to use desktop out
there at the moment, my freedom is second to my ability to get a working
desktop.

~~~
khedoros1
We must be doing very different things. Outside of gaming, everything I do is
as fast or faster to get done on Linux.

~~~
leonatan
No to condescend, but that just means that what you do most likely only has to
do with programming. If you attempt to branch out into other fields of
activities, Linux software is just not capable enough. Try to edit a photo
beyond the basic capabilities of Gimp. Try to author a video project. Try to
master audio. Try to design and edit documents beyond the most basic
capabilities of LibreOffice. Attempt spreadsheet workflows.

It's just not there. But yes, if you want to run Python, GCC or Ruby from the
commandline, Linux is very capable of giving you a faster experience.

~~~
ptrincr
I mentioned this is another comment, but it's worth saying again. For
video/audio editing Blender can be used. Plus a bunch of other stuff, from
their website:

"Blender is the free and open source 3D creation suite. It supports the
entirety of the 3D pipeline—modeling, rigging, animation, simulation,
rendering, compositing and motion tracking, even video editing and game
creation."

Now its not the most intuitive pieces of software and you'll be spending a lot
of time on youtube following tutorials, but its freely available and
opensource.

~~~
leonatan
Please let me know how editing goes for you on Blender on a semi advanced
video project. These types of comments are the worst. It's on the same level
as "Yes, GIMP is an alternative to Photoshop because it has brush and layers".

------
druska
I recommend using Spybot Anti-Beacon [1], which is a safe way of disabling (or
enabling) Windows 10 features.

[1] [https://www.safer-networking.org/spybot-anti-beacon/](https://www.safer-
networking.org/spybot-anti-beacon/)

~~~
maxt
Nice haven't tried that. I use Shutup10 [https://www.oo-
software.com/en/shutup10](https://www.oo-software.com/en/shutup10)

~~~
LeoPanthera
I also use Shutup10, which is essentially the same as the script only with a
friendly GUI that lets you choose exactly what you want to do.

------
eli
If telemetry really bothers you, I think you'd be better off with a different
OS

~~~
KirinDave
Which one? An essentially unsupported Linux distribution? Canonical does
telemetry as well. Apple has been doing this for years an yet we still don't
sweat wrathful spate of headlines over it.

Oh and by the way, the logfiles from most package servers provide an accurate
description of what you're doing with your machine and a weak concept of
identity. So you'll need to avoid those.

Browsers keep updating and the vast majority of websites collect telemetry as
well. So no more internet.

But yeah, the OS app level telemetry seems like a pretty big deal and we
should stress out about it.

~~~
CaptSpify
Why is Canonical the only option here? There's plenty of other Linux choices
that don't use telemetry.

Also, if you use a browser that respects your privacy, and treats you like an
adult, then you can turn that telemetry off.

~~~
pjmlp
If only they bothered to support modern laptops as well as Ubuntu does.

------
becarefulyo
Careful, by default this disables the lock screen.

~~~
CJefferson
I've had a number of friends who have had to do reinstalls after running these
kinds of scripts. Easy to break lots of subtle things.

~~~
TranquilMarmot
Yeah, my first Windows 10 install I did a lot of the things in this script
(disable Cortana, Bing search, P2P updates, etc.) and my machine worked
fine... for a time. Things slowly started to go REALLY downhill, to the point
where I couldn't search the start menu and had to find the .exe for any
application I wanted to open, I couldn't view any images with the default
image viewer, the file explorer barely worked, and a whole bunch of other
weird things.

Eventually I gave up, reformatted the drive it was installed on, and re-
installed. Everything's been pretty much fine since then.

------
maxt
If you prefer a Batch script there's also Make Windows 10 Great Again:
[https://gist.github.com/IntergalacticApps/675339c2b805b4c9c6...](https://gist.github.com/IntergalacticApps/675339c2b805b4c9c6e9a442e0121b1d)

~~~
Tempest1981
Has a nice list of IP addrs and hostnames... thanks!

------
TwoNineA
I wonder what MS employees think when every week a new tool pops up disabling
data mining in their OS.

~~~
becarefulyo
I'm an enigneer on Windows. We actually use the crash dumps and the more the
better so we can prioritize reliability bugs. Usage telemetry helps us
prioritize work, like which settings to migrate from Control Panel to Settings
first, or to see if design changes actually made things better for people.

~~~
fuzzfactor
Unfortunately, the admirable removal of reliability bugs is in the same breath
as migrating settings away from Control Panel, when the latter is another one
of the things reducing the quality of the Microsoft/Windows experience.

~~~
Mithaldu
He didn't say "away".

------
vocatus_gate
This reminds me of the Tron project

[https://reddit.com/r/TronScript](https://reddit.com/r/TronScript)

------
my123
I don't recommend anyone to use all the script. Dial telemetry down to Basic
and then disable Cortana.

------
agumonkey
A vast majority is Registry config values, could have avoided the powershell
"version" here.

------
novaleaf
Warning: i tried turning Cortana off by following some powershell scripts (not
this one though). ended up she's still on, but now my search functionality is
broken. Nothing I did could fix it. Guess I need to reinstall windows if I
ever want to get that back.

------
aceperry
I seem to remember a few other apps and scripts that do the same thing, but I
also heard that they get out of date pretty quickly. Don't know if this is
going to keep up with the updates, but it shows that this is an ongoing
problem with Windows10.

------
russellbeattie
I have something like this for macOS turning off iCloud and killing .DS_store
files, among other annoyances. I wouldn't recommend running this as is
(neither does the author) but it's a nice list to pick and choose options
from.

------
MichaelMoser123
the script changes some registry settings - did you check that it really stops
snooping if you just set the registry settings and reboot? What if another
update just enables the snooping back regardless of the registry setting?

~~~
MichaelMoser123
anybody knows why Microsoft joined in with the data gathering? this move might
alienate their corporate customers and that's the real cash cow, don't they
make enough money out of licensing? They say that Mr. Nadella is such a smart
guy, but this really looks like a way to loose existing business.

------
pjmlp
Pity he missed the related shell scripts for the Apple and Google operating
systems.

------
alkonaut
Is it possible to disable the screen magnifier? I press it several times a day
by accident and it's really tricky to switch off...

~~~
nzubair
\- Launch "Ease of Access Center", either from control panel or search in
start menu.

\- Click Make the computer easier to see.

\- Uncheck the option Turn on Magnifier and click on Save

~~~
alkonaut
Oh I thought that turned it on (not enabled the shortcut). Will try that.
Thanks.

------
saghm
> Restrict Windows Update P2P only to local network

I find this interesting as a security choice rather than completely disabling
P2P updates, as I'd guess that a substantial number of users aren't in control
of all machines on their network, and if the other computers on the network
got their updates from peers outside the network, then you'll still end up
getting the updates from those peers. Is completely disabling P2P updates not
an option?

~~~
mjevans
It's a real question of how well it detects your /local/ network versus being
on that over a third party VPN.

For desktops local network is fine.

For laptops it should be a no-go.

------
BigChiefSmokem
Useless unless it also includes a way to prevent your privacy from being
invaded my Google, Amazon, et al. Just more fear mongering from the ye old
anti-Microsoft camp, (founded 1995).

------
spapas82
Hello, can anybody explain in simple words what this script does? How will it
affect the behavior of my windows installation? Should I run it?

Thanks !

~~~
derEitel
It will disable a lot of the Windows 10 telemetry features. Those are the
features that send a bunch of data about your usage back to Microsoft. This
includes Cortana and the Bing search tool in the normal windows search for
example.

If you want to run it you should read through it first, it says above every
function what it is going to disable. I would go with a simple rule: If you
don't understand it, don't disable it. Otherwise it contains code for enabling
all features again in case you start to miss something.

Edit: especially UI part seems to disable a lot of things by default that you
might not want to disable!

------
ape4
I'd like PowerShell more if it wasn't MixedCase.

~~~
gnaritas
It's not, you can do everything in lowercase. Still sucks.

