From f54df1f10c2e270d2dd07e8bd6f771a2d81d7499 Mon Sep 17 00:00:00 2001 From: Przemek Grondek Date: Mon, 1 May 2023 01:02:06 +0200 Subject: [PATCH] Update privacy --- src/Configuration/features/lite/privacy.yml | 281 +++++++++++++++++++- 1 file changed, 280 insertions(+), 1 deletion(-) diff --git a/src/Configuration/features/lite/privacy.yml b/src/Configuration/features/lite/privacy.yml index dc38344..905d2fc 100644 --- a/src/Configuration/features/lite/privacy.yml +++ b/src/Configuration/features/lite/privacy.yml @@ -128,11 +128,62 @@ actions: data: '0' type: REG_DWORD # Disable Windows Error Reporting + # https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsErrorReporting::WerDisable_2 + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting' + value: 'DoReport' + data: '0' + type: REG_DWORD - !registryValue: path: 'HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting' value: 'Disabled' data: '1' type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting' + value: 'Disabled' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting' + value: 'Disabled' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting' + value: 'AutoApproveOSDumps' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting' + value: 'DontSendAdditionalData' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting' + value: 'DontShowUI' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting' + value: 'LoggingDisabled' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent' + value: 'DefaultConsent' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent' + value: 'DefaultOverrideBehavior' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent' + value: '0' + data: '' + type: REG_SZ # Disable PowerShell telemetry # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_telemetry?view=powershell-7.3 - !cmd: {command: 'setx DOTNET_CLI_TELEMETRY_OPTOUT 1'} @@ -224,4 +275,232 @@ actions: path: 'HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WiFiSession' value: 'Start' data: '0' - type: REG_DWORD \ No newline at end of file + type: REG_DWORD + + # Disable Windows Customer Experience Improvement Program (CEIP) + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\AppV\CEIP' + value: 'CEIPEnable' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\SQMClient\Windows' + value: 'CEIPEnable' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\SQMClient\Windows' + value: 'CEIPEnable' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM' + value: 'OptIn' + data: '0' + type: REG_DWORD + + + # Disable text/ink/handwriting telemetry + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\InputPersonalization' + value: 'RestrictImplicitInkCollection' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\InputPersonalization' + value: 'RestrictImplicitTextCollection' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore' + value: 'HarvestContacts' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\Personalization\Settings' + value: 'AcceptedPrivacyPolicy' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC' + value: 'PreventHandwritingDataSharing' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports' + value: 'PreventHandwritingErrorReports' + data: '1' + type: REG_DWORD + + # Disable spell checking + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\TabletTip\1.7' + value: 'EnableSpellchecking' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\TabletTip\1.7' + value: 'EnableTextPrediction' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\TabletTip\1.7' + value: 'EnablePredictionSpaceInsertion' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\TabletTip\1.7' + value: 'EnableDoubleTapSpace' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\TabletTip\1.7' + value: 'EnableAutocorrection' + data: '0' + type: REG_DWORD + + # Disable typing insights + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\Input\Settings' + value: 'InsightsEnabled' + data: '0' + type: REG_DWORD + + # Configure app permissions/privacy section in Immersive Control Panel + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCall' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userNotificationListener' + value: 'Value' + data: 'Deny' + type: REG_SZ + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary' + value: 'Value' + data: 'Deny' + type: REG_SZ + + # Do not allow upload and publish of user activities + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' + value: 'UploadUserActivities' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' + value: 'PublishUserActivities' + data: '0' + type: REG_DWORD + + + + # Disable Performance Track (PerfTrack) + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' + value: 'ScenarioExecutionEnabled' + data: '0' + type: REG_DWORD + + # Disable advertising info + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo' + value: 'Enabled' + data: '0' + type: REG_DWORD + + # Disable license telemetry + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform' + value: 'NoGenTicket' + data: '1' + type: REG_DWORD + + # Disable Windows Feedback + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\Siuf\Rules' + value: 'NumberOfSIUFInPeriod' + data: '0' + type: REG_DWORD + - !registryValue: + path: 'HKCU\SOFTWARE\Microsoft\Siuf\Rules' + value: 'PeriodInNanoSeconds' + operation: delete + - !registryValue: + path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection' + value: 'DoNotShowFeedbackNotifications' + data: '1' + type: REG_DWORD + - !registryValue: + path: 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection' + value: 'DoNotShowFeedbackNotifications' + data: '1' + type: REG_DWORD +