Scroll to the bottom if you are interested in downloading an image of Windows 10 with all of the following changes already applied. If you do download it, please seed it for others. Thank you.

Foreword

An exceedingly common sentiment among the general public and even the supposedly more technically savvy cyberpunk community is that if one has nothing to hide that there is no reason to pursue privacy in their affairs. If the situation were reversed and instead we lived in a world where all of our data were protected by default, how many would deliberately compromise their security in an effort to show the world that they, in fact, had nothing to hide?

If your answer is negative, then you should make some minimal effort to ensure the security and privacy of your operating system. Following these instructions will perhaps add an additional 30 minutes to the duration of the installation and configuration, but will net a very lean and responsive operating system in return.

The optimization part of this guide is perhaps less important. While it is true that it is no longer necessary given that the power of CPUs and GPUs have radically outpaced the resource requirements of features aimed at aesthetics and convenience, there may still be other reasons to optimize the system beyond performance gains. Perhaps you want to reduce boot times, CPU/GPU usage, or power consumption.

Whatever the reason, if one is interested in optimizing the operating system, the time to do so is while first installing and configuring it. Therefore, the steps to optimize the system are mixed in with those changes made purely for security or privacy reasons to streamline the process and make it as fast as possible.

If you already have Windows 10 installed, you can still make the following changes to optimize your system and prevent further data collection activity.

This guide is of course specifically written for those using the Windows 10 operating system, but we invite others to share their practices of optimizing and securing *nix systems as well.

Introduction

This guide assumes that you have access to a trusted 'untouched' digital or physical copy of the Microsoft Windows 10 Enterprise (x64) operating system. If you do not have a copy, one can be easily acquired online. However, if you do acquire it online, you will also need to download additional software to activate the operating system. At the time of this writing, KMSpico is recommended as the best and safest option.

Please download the latest release of Disable Windows 10 Tracking and copy it to external media such as a flash drive. It may be wise to also download an offline installer for your favourite antivirus software—we recommend Bitdefender antivirus, but this is a personal preference—and your favourite web browser—open source options such as Chromium (not Chrome) and Firefox are recommended—so that you will never have to touch the Microsoft Edge browser and can even irreversibly destroy the operating system's native ability to browse the web if you would like.

If you would like to download an archive containing all of the files referenced in this guide, please click here to download it from MediaFire. The archive also includes text files with a list of the PowerShell commands and disabled services for your convenience.

Finally, ensure that you maintain an air gap by unplugging any ethernet cables from the system and never logging into your wireless network for the full duration of this process.

Installation

After inserting your installation media, boot your computer to the device. Select 'custom installation' and 'install Windows only (advanced)' when given the choice. If you want a perfectly clean slate, delete all existing partitions of the drive on which you want to install the operating system and create a new partition or multiple partitions if desired.

If you have a wireless card, it will ask you to connect to your network. Be sure to skip this step.

Now feast your eyes on the most manipulative screen Microsoft has ever created. Notice the title. It primes you to "get moving fast" and quickly click your way through the following screens without configuring any of those cumbersome settings. Notice especially that it seems that you are presented with only two choices: use their 'express settings' or cancel the installation altogether.

Instead, choose neither of these awful options and click the obscured 'customize settings' text on the bottom left.

Make sure you disable every single option presented on the following screens. Double check. One of the options includes a keylogger. You would be correct in noticing that none of these options are really "customizing" the operating system so much they are simply declining to offer Microsoft your information. Remember that the only way they are making any profit from distributing a free operating system is depending on the masses to accept their data collection practices, leave the advertisements on the start menu enabled, and search the web using Bing from the start menu, which has even more advertisements. When presented with the option, create a 'local account' and not a Microsoft account.

First Steps

Now that you're logged into Windows, the very first thing you want to do is prevent any data collection. Click on the search bar and a menu will appear. Click the cogwheel on the left and disable all of the settings found here.

Next right click on the task bar, select 'task manager', enable 'more details', and then right click on Cortana, select 'open file location', rename the selected folder to append ".old" to the end of the directory name, and then accept the change. Accept the prompt to give the command administrator privileges. It will then give you an error explaining that the folder cannot be renamed as some of it's contents are currently in use. Do not close this window. Instead, return to the task manager, right click on Cortana again, select 'end task', immediately return to the rename error and select 'try again'. If it failed again, then the Cortana process restarted before you clicked. Try again, but faster this time. Once the directory has been renamed, the process will cease to automatically restart. This is the only way that this can be done.

At this point, click the new start menu and right click on each of the menu items to the left and select 'don't show...' and right click on each of the tiles to the right and select 'unpin'. Most of these applications will be uninstalled later so disabling them now will prevent future registry errors.

There are also some changes we can make now that will accelerate many future steps in the guide. For example, open File Explorer and click the arrow on the far right to permanently 'expand the ribbon' menu. Click the 'view' tab, check the boxes to show 'file name extensions', and select 'change folder and search options' from the 'options' menu. Under the 'general' tab set open File Explorer to 'this PC', uncheck both privacy options, click 'apply', and then click 'clear' to empty the existing history. Under the 'view' tab check 'always show menus', 'display the full path in the title bar', and 'expand to open folder'. If you want a small performance gain, you can also check 'always show icons' and uncheck 'show encrypted or compressed NTFS files in color'. Under the 'search' tab check 'don't use the index when searching in file folders for system files' and uncheck 'include system directories'. Click 'OK' to apply the changes. Back in File Explorer you can 'unpin' all of the items from 'quick access' menu to the left to make your local drives and network computers more accessible.

Let's clean up the taskbar. Right click on it and select 'properties'. For now at least, select 'never combine' taskbar buttons to make navigating between windows faster and easier. If you have multiple displays, you can adjust the settings for those here as well. Click 'OK' to apply the changes. Right click on Microsoft Edge, Windows Store, and any other pinned programs to 'unpin' them from the taskbar to make room for other programs. You may also right click on the taskbar again if you would like to hide the search bar or other buttons cluttering the screen. Finally, click the arrow in the system to display the inactive system tray icon for OneDrive so you can right click on it and exit the program.

If you plan on using Microsoft Edge (not recommended), start the program, click the '...' at the right to open the menu, and click 'settings'. Under 'open with' select 'a specific page or pages', then select 'custom' from the drop down menu, and enter 'about:blank' into the empty field. Set 'open new tabs with' to 'a blank page' and click 'view advanced settings'. Uncheck every option except 'block pop-ups' and then check 'send Do Not Track requests'.

System Settings

Now we can begin to tear into the settings. Select 'settings' from the start menu. Here you will find a menu of new settings that are inaccessible from the control panel or by any other means.

System

Under the Notifications & Actions tab click 'turn system icons on or off', uncheck the 'action center', press back, and then uncheck all of the other notification options. Under the Mutitasking tab uncheck all options. Under the Offline Maps tab uncheck all options.

Devices

Under the Typing tab uncheck all options. Under the AutoPlay tab uncheck 'use autoplay for all media and devices'.

Network & Internet

Under the Wi-Fi tab click 'manage Wi-Fi settings', uncheck all options.

Personalization

The personalization options are only available after activation. If you downloaded the operating system from the internet, you must now install your activation software (be sure to run it as an administrator). If you are using KMSpico, you must then find the program in the start menu, open it, and press the button to perform the activation. Afterwards, return to the personalization menu and uncheck all options under the Start tab.

Ease of Access

Under the Other Options tab uncheck 'play animations in Windows' for a small performance gain and disable 'visual notifications for sound' if you prefer to not be disturbed by your taskbar flashing all the time.

Privacy

Under the Feedback & Diagnostics tab select to 'never' offer Windows your feedback and only send 'basic' device data to Microsoft. If you are following this guide on any edition other than enterprise, the 'never' option will not be available. This is no reason to despair. Just let it be and we will disable it by other means soon enough.

Under every other tab (including general, location, microphone, speech and typing, account information, contacts, calendar, messaging [SMS and MMS], radio, other devices, and background apps) first uncheck each individual app permission and then afterwards uncheck all of the other options as well. Don't hesitate to uncheck 'let apps use my camera' or 'let apps use my microphone'. The device will still work fine; it just won't send data to the Windows Store applications. If you want to permanently disable either of these devices, it must be done through the device manager.

Update & Security

Under the Windows Update tab click 'advanced options', set the dropdown to 'notify to schedule restart' to prevent Windows from immediately restarting without notice after completing background updates, and click 'choose how updates are delivered' to uncheck sharing updates over the local network and the entire internet (otherwise this could cost you a lot of money if your ISP imposes data caps). Return to the Update & Security window. Under the Windows Defender tab disable cloud-based protection and sample submission and also real-time protection if you would like to install your own antivirus software (recommended).

Disable Windows 10 Tracking

Insert the external media on which you saved Disable Windows 10 Tracking and right click on the application and select 'run as administrator'. You will be prompted by a User Account Control notification. Accept it. In the application check every setting, select 'delete' as the service method, and verify that the mode is set to 'privacy'. Click 'Go!' and allow it to run. All of these processes could have been performed manually, but would require much more time and effort to complete. After the application has finished, run the application one final time, check 'select all apps', and click 'uninstall selected apps'. This action may take some time. Now is a good time to restart the computer.

Uninstalling Software

Run Windows PowerShell as an administrator. Copy and paste each of the following commands into the command line and hit enter. If there is no action, that means the task has already been completed. Just move onto the next command.

Uninstall 3D Builder

Get-AppxPackage *3dbuilder* | Remove-AppxPackage

Uninstall Alarms and Clock

Get-AppxPackage *windowsalarms* | Remove-AppxPackage

Uninstall Calculator

Get-AppxPackage *windowscalculator* | Remove-AppxPackage

Uninstall Calendar and Mail

Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage

Uninstall Camera

Get-AppxPackage *windowscamera* | Remove-AppxPackage

Uninstall Get Office

Get-AppxPackage *officehub* | Remove-AppxPackage

Uninstall Get Skype

Get-AppxPackage *skypeapp* | Remove-AppxPackage

Uninstall Get Started

Get-AppxPackage *getstarted* | Remove-AppxPackage

Uninstall Groove Music

Get-AppxPackage *zunemusic* | Remove-AppxPackage

Uninstall Maps

Get-AppxPackage *windowsmaps* | Remove-AppxPackage

Uninstall Microsoft Solitaire Collection

Get-AppxPackage *solitairecollection* | Remove-AppxPackage

Uninstall Money

Get-AppxPackage *bingfinance* | Remove-AppxPackage

Uninstall Movies & TV

Get-AppxPackage *zunevideo* | Remove-AppxPackage

Uninstall News

Get-AppxPackage *bingnews* | Remove-AppxPackage

Uninstall OneNote

Get-AppxPackage *onenote* | Remove-AppxPackage

Uninstall People

Get-AppxPackage *people* | Remove-AppxPackage

Uninstall Phone Companion

Get-AppxPackage *windowsphone* | Remove-AppxPackage

Uninstall Photos

Get-AppxPackage *photos* | Remove-AppxPackage

Uninstall Store

Get-AppxPackage *windowsstore* | Remove-AppxPackage

Uninstall Sports

Get-AppxPackage *bingsports* | Remove-AppxPackage

Uninstall Voice Recorder

Get-AppxPackage *soundrecorder* | Remove-AppxPackage

Uninstall Weather

Get-AppxPackage *bingweather* | Remove-AppxPackage

Uninstall Xbox

Get-AppxPackage *xboxapp* | Remove-AppxPackage

Replacing Software

Since the default calculator and image viewer were removed in the process of deleting all of the native Windows Store apps, third-party software and registry changes can restore the original Windows Calculator and Windows Photo Viewer respectively. Afterwords, return to the Settings menu, enter the System menu, select the Default Apps tab, and change the default photo viewer to the restored Windows Photo Viewer.

Computer Management

Open Computer Management by selecting it under Administrative Tools. Select System Tools, then Task Scheduler, then Task Scheduler Library, then Microsoft, then Windows, then Application Experience. Right click on each of the three tasks and select 'disable'.

Control Panel

Enter the Control Panel and change 'view by' to 'small icons'.

Devices and Printers

If you have an integrated or dedicated video or audio card with proprietary drivers maintained by the vendor, you want to make sure that Windows Updates doesn't replace your vendor's drivers with their generic Microsoft drivers whenever theirs happen to have been more recently updated. Right click on your computer, select 'Device Installation Settings', then 'No, let me choose what to do', select 'Never install driver software from Windows Update', uncheck 'automatically get the device app and info provided by your device manufacturer', and then click 'save changes' to apply the changes.

Power Options

If you have a desktop computer, you will want to change the power settings to 'High performance' and click 'change plan settings', then 'change advanced power settings', then expand 'hard disk', then 'turn off hard disk after', set it to 'never', expand 'USB settings', then 'USB selective suspend setting', set it to 'disabled', and click 'OK' to apply the changes.

Programs and Features

Click 'Turn Windows features on or off', uncheck Internet Explorer, Media Features, Windows Fax and Scan under Print and Document Services, and Work Folders Client, and click 'OK' to apply the changes. This may take some time.

Sounds

Select the Sounds tab, set the Sound Scheme to 'No Sounds', and click 'OK' for a tiny gain in performance.

System

Select Advanced system settings, select the Advanced tab, and enter performance settings. Under the Visual Effects tab uncheck all settings other than 'show shadows under mouse pointer', 'show shadows under windows', 'show window contents while dragging', 'smooth edges of screen fonts', 'smooth-scroll list boxes', and 'use drop shadows for icon labels on the desktop' for a moderate gain in performance. Under the Advanced tab click change the virtual memory, uncheck 'automatically manage paging file size for all drives', select 'custom size', and enter the value of your total system memory (e.g., 16384MB [1024MB x 16GB] if you have 16GB of RAM) for both the 'initial size' and 'maximum size' fields, and click 'Set' to apply the changes. If this is a desktop computer and you have both SSD and HDD drives installed, instead set 'no paging file' for each SSD drive and set the aforementioned 'custom size' values on only one of your HDD drives. Afterwords, click 'OK' to apply the changes.

If you would like to also disable System Restore, under the System Protection tab select any drives and where protection is set to on, click configure, set it to 'disable system protection', drag the slider all the way to the left, press 'delete', and click 'OK' to apply the changes.

Group Policy Editor

Open the Local Group Policy Editor by entering 'gpedit.msc' into the Run prompt. Under Computer Configuration select Administrative Templates, then Windows Components, then Data Collection and Preview Builds, select 'Allow Telemetry', set it to 'disabled', and click 'OK' to apply the changes. This is just a second barrier to telemetry beyond disabling it under the Feedback & Diagnostics tab of the Privacy menu we set earlier. Also note that this group policy setting is merely cosmetic for any version of Windows 10 other than the enterprise edition. Nevertheless, the Disable Windows 10 Tracking program already disabled telemetry via a registry modification and blocked all Microsoft telemetry servers via the hosts file.

Under Windows Components select OneDrive, then 'Prevent the usage of OneDrive for file storage', set it to 'enabled', and click 'OK' to apply the changes.

If you are using third-party antivirus software (recommended), then under Administrative Templates select Windows Defender, then 'Turn off Windows Defender, set it to 'enabled', and click 'OK' to apply the changes.

Registry Editor

Open the Registry Editor by entering 'regedit' into the Run prompt. Under Local Machine select Software, then Microsoft, then Windows, then CurrentVersion, then Policies, then DataCollection, select 'AllowTelemetry', verify that '0' is set as the value data, and click 'OK' to apply the changes if necessary.

While in the Registry Editor, we can make a few additional changes. If you have a sufficiently fast hard drive, you can disable the unnecessary delay between first logging into Windows and the initialization of startup applications. Under Current User select Software, then Microsoft, then Windows, then CurrentVersion, then Explorer, and if the 'Serialize' key does not exist, create it in Explorer by right clicking, selecting 'New', then 'Key', and name it Serialize. Select Serialize, then right click, select 'New', then 'DWORD (32-bit) Value', name it 'StartupDelayInMSec', set '0' as the value data, and click 'OK' to apply the changes.

For a small performance gain, under Current User select Software, then Microsoft, then Windows, then CurrentVersion, then Themes, then Personalize, select 'EnableTransparency', set '0' as the value data, and click 'OK' to apply the changes. While here you can also replace the default light theme of the Settings menu with a hidden dark one. Under Current User select Software, then Microsoft, then Windows, then CurrentVersion, then Themes, then Personalize, right click, select 'New', then 'DWORD (32-bit) Value, name it 'AppsUseLightTheme', set '0' as the value data, and click 'OK' to apply the changes.

Security Policy Editor

Open the Local Security Policy editor by entering 'secpol.msc' into the Run prompt. Select Local Policies, then Security Options, select 'Accounts: Administrator account status', set it to disabled, then click 'OK' to apply the changes. Select 'Accounts: Block Microsoft accounts', set it to 'users can't add or log on with Microsoft accounts', then click 'OK' to apply the changes.

Services Editor

Open the Services editor by entering 'services.msc' into the Run prompt. Double click each of the following services in sequence, set the startup type to disabled, and click 'OK' to apply the changes. Some of these services will not be available until after performing Windows Updates so you will have to return here later.

AllJoyn Router Service

Application Host Helper Service

Application Layer Gateway Service

ASP.NET State Service

BranchCache

Certificate Propagation

Client for NFS

Distributed Link Tracking Client

dmwappushsvc

Downloaded Maps Manager

DS Role Server

Enterprise App Management Service

Fax

Geolocation Service

Health Key and Certificate Management

Hyper-V Data Exchange Service

Hyper-V Guest Service Interface

Hyper-V Guest Shutdown Service

Hyper-V Heartbeat Service

Hyper-V Remote Desktop Virtualization Service

Hyper-V Time Synchronization Service

Hyper-V VM Session Service

Hyper-V Volume Shadow Copy Requestor

IIS Admin Service

Internet Connection Sharing (ICS)

Internet Explorer ETW Collector Service

IP Helper

LPD Service

Message Queuing

Message Queuing Triggers

Microsoft (R) Diagnostics Hub Standard Collector Service

Microsoft FTP Service

Microsoft iSCSI Initiator Service

Microsoft Windows SMS Router Service

Net.Msmq Listener Adapter

Net.Pipe Listener Adapter

Net.Tcp Listener Adapter

Net.Tcp Port Sharing Service

Netlogon

Offline Files

Remote Procedure Call (RPC) Locator

Remote Registry

Retail Demo Service

RIP Listener

Routing and Remote Access

Sensor Data Service

Sensor Monitoring Service

Sensor Service

Simple TCP/IP Services

Smart Card

Smart Card Device Enumeration Service

Smart Card Removal Policy

SNMP Service

SNMP Trap

Storage Service

Touch Keyboard and Handwriting Panel Service

W3C Logging Service

Web Management Service

Windows Biometric Service

Windows Connect Now - Config Registrar

Windows Media Player Network Sharing Service

Windows Mobile Hotspot Service

Windows MultiPoint Server Host Service

Windows MultiPoint Server Repair Service

Windows Presentation Foundation Font Cache 3.0.0.0

Windows Process Activation Service

Windows Remote Management (WS-Management)

Work Folders

World Wide Web Publishing Service

Xbox Live Auth Manager

Xbox Live Game Save

XboxNetApiSvc

Shoutout to BlackViper for testing all of these tweaks.

Finishing Touches

It is now safe to connect your system to the internet with confidence that Microsoft will not have access to any of your data. Please remember to return to the Personalization and Services sections of this post to finish completing them after performing Windows Updates.

Classic Shell

If you don't care for the new start menu, you can replace it with the classic shell. If you do so, you may want to set the following options for a small gain in performance.

Check 'show all settings' and then search and modify the following options:

show metro apps: uncheck

show folders first: check

show recent or frequent programs: select don't show

show start screen shortcut: uncheck

highlight newly installed programs: uncheck

track frequency of use: uncheck

enable auto-complete: uncheck

search files: uncheck

search the internet: uncheck

search the system path: uncheck

override glass color: check

menu glass color: set to '000000' for black, for example

glass opacity: set to '100'

customize taskbar: check

taskbar look: set opaque

taskbar color: set to '000000' for black, for example

open windows start menu on monitor with the mouse: check

Under the Skin tab select Windows 8 as the Skin and check 'small icons'.

Now you can right click on any application or shortcut in your start menu or anywhere else on your computer and select 'Pin to Start menu (Classic Shell)' to pin your favourite programs to the start menu for faster access.

More Security

For even more privacy and security, follow the instructions on the "tips and tricks" thread to block advertisement, malware, and tracking servers in your hosts file.

Afterword

There are those that would say all of the aforementioned steps are worthless because the operating system has a backdoor or that if someone really wants into your system, that they will find a way in. Both of these are defenses of complacency and not actual arguments.

The operating system is not backdoored and you would realize this if you listened to the response of private corporations after learning about the telemetry feature. They were willing to boycott the upgrade because they have corporate secrets that they would rather not freely hand over. Microsoft may not be selling Windows 10 to end-users yet, but they still depend on government and corporate clients to pay for volume licensing and technical support. In the end, Microsoft acquiesced and added the option to disable telemetry (only in the enterprise edition of the operating system). The instructions above utilize that option, but also disable it by other means for those using other editions.

As for others wanting into your system, that's on you. We don't know your enemies. However, even if the argument were true, why would would you make it any easier for them to access your system?

A Faster Alternative

If you trust the author of this post, you can download an image of Microsoft Windows 10 Enterprise (x64) with only the modifications outlined in this post and no third-party drivers or software installed nor any Windows Updates applied.

The image was created using the Backup and Restore (Windows 7) utility of Windows 10. An existing copy of Windows version 7 or newer must be installed on the computer before completely overwriting it with the downloaded image. The installation can be performed using the Backup and Restore (Windows 7) feature in the Control Panel. Alternatively, you could use a working copy of a Windows 7 or Windows 10 installation media and use the restore utility from there. After finishing the installation of the image, you will want to customize the installation with regard to your particular system's specifications. You will especially want to increase or decrease the fixed size of the page file to match the amount of system RAM on your system.

Addendum

The Windows 10 Anniversary Update will re-install Cortana and more deeply integrate it into the system. Select one or more of the options below to disable or remove Cortana depending on your preferences. It would also be wise to run the latest version of Disable Windows 10 Tracking again.

All Windows 10 editions: Registry Editor

Open the Registry Editor by entering 'regedit' into the Run prompt. Under Local Machine select Software, then Microsoft, then Windows, and if the 'Windows Search' key does not exist, create it in Windows by right clicking, selecting 'New', then 'Key', and name it Windows Search. Select Windows Search, then right click, select 'New', then 'DWORD (32-bit) Value', name it 'Allow Cortana', set '0' as the value data, and click 'OK' to apply the changes.

Windows 10 Professional and Enterprise: Group Policy Editor

Open the Local Group Policy Editor by entering 'gpedit.msc' into the Run prompt. Under Computer Configuration select Administrative Templates, then Windows Components, then Search, select 'Allow Cortana', set it to 'disabled', and click 'OK' to apply the changes.

All Windows 10 editions: Command Line Script

If you would like to remove it completely, it will take slightly more effort. There is a small script, however, that will make the process seamless. You can download it here. We would like to warn you that a small number of users have found that removing Cortana after this update broke the default Windows shell. I have not been able to reproduce this problem, but I included a copy of ClassicShell in the package just in case.

We hope you enjoy your newly secured and optimized operating system. If you have any questions or comments, please feel free to reply to this thread.