Thank you @abbodi86 , for collecting these ideas together at the top of a new topic. I think this option fits my needs better than group hopping. My needs may be different than others. It is good to have alternative methods described so well.

4 users thanked author for this post.

jburk07,

HiFlyer,

Microfix,

Pepsiboy

Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!

@abbodi86, Nice post! NEEDS TO BE AN AKB 😉
I have a couple of questions..
1. Regarding switches: /d 1 /f do these switches signify:
/d=decimal     1=numerical value (1=on 0=off)    /f= force (Thanks PKCano)

2. Having run the cmd
sc stop Diagtrack then sc delete Diagtrack
wouldn’t most of the pastebin script be redundant in that case? then I could manually adapt to suit the systems.

2 users thanked author for this post.

walker,

woody

OldBiddy wrote:

Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!

Don’t feel bad, its waay over my head also!

2 users thanked author for this post.

walker,

OldBiddy

Nice script.

Only thing is that I tend more to disable jobs than delete them, though the point could be made that deleting a job does make it more difficult for the software to re-enable.

-Noel

1 user thanked author for this post.

WildBill

@abbodi86, have you done performance testing to determine if not logging events gives back any machine performance?

Long ago I had done all of what you described, except disabling the AutoLogger-Diagtrck-Listener trace logging. I can’t imagine it will do THAT much for performance, but hey, every little bit helps. I’ll report back after I get another run of nightly jobs tonight and can compare the times.

Thank you for sharing your knowledge here!

-Noel

1 user thanked author for this post.

HiFlyer

Nadella’s gang has some competition in the race to collect Telemetry, it seems:

Google secretly logs users into Chrome whenever they log into a Google site

Firefox collects data on you through hidden add-ons

2 users thanked author for this post.

WildBill,

jburk07

Thanks for these excellent and clear instructions, @abbodi86! I wouldn’t mind going to Group B for my own machine, but it would be a pain to to go that route for the other 2 machines I update, and I wouldn’t have attempted the script since I wouldn’t know how to undo something if I mess up in executing the process. But these manual steps are very clear and not onerous. I had done some of them earlier, but I’ll be interested to see what happens to my settings after the October rollup.

I really appreciate your time and effort.

1 user thanked author for this post.

walker

abbodi86 wrote:

1) Unified Telemetry Client

– introduced in updates KB3068708/KB3080149, and became part of the Monthly Rollup since October 2016 preview rollup

Did NOT know this was in Monthly Rollup. Never install previews (& never will), so it’s been baked in since November 2016. I was surprised since Windows Update still shows as Recommended (do not receive Recommended updates the same as Important). Followed your manual instructions for disabling Telemetry Client services (I had already disabled DiagTrack) & Compatibility Appraiser tasks. Am still switching to Group B after Patch Tuesday, especially if KB2976978 still shows in Windows Update as Important, like KB3010149 does in Recommended. Would rather be Safe (& on Win8.1) than Sorry (& on Win10 whatever).

2 users thanked author for this post.

abbodi86,

walker

Thank you so much for the script! Just to clarify: Is there any functional difference between running this script after installing a rollup versus exclusively installing Security Only patches? In other words, does a Group A system where one installs the latest rollup and then runs the above script make any additional network connections than an identical system that has installed only Group B patches? Would there be any additional (telemetry related) CPU usage on the Group A version?

If the answer is no, then it seems the reasons for going Group B are rapidly vanishing!

1 user thanked author for this post.

jburk07

Is it safe to delete diagtrack.dll?

I just noticed the cmd script is unable to access certain subdirectories under the C:\ProgramData\Microsoft\Diagnosis path. (The icacls command issues “Access is denied.”) If I try to manually view the contents of these subdirectories, it’s not enough to simply access as administrator; I’m told I have to take ownership of the directory.

I’ve been in group b since the beginning.

The last time I updated though was the first important Service Stack update back in 05-26-2017 with KB4019264.  I knew there was things I had to do to keep up with Security since then, but every time I would come here and try to figure out which I had to do the list was long and didn’t have the time to fuss, so I just kept procrastinating. Lately though I Knew it was time I had to do something. After spending a hour reading which ones I needed to install, and during that I came across Woody saying it’s just best now to just go to group and save yourself all the hassle of keeping up with group B… and then I found this post thread he by abbodi86

Thank heavens, I absolutely love it! So simple. I’ve now become Group A and I’ll just run this script.

So I go to Windows update expecting to find all kinds things since I’ve been in group b for so long, but the only thing I saw needed (besides NET, Visual c++) was this 2019-03 monthly Quality Rollup for Win7 KB4489878 ..oddly though I did not see Service Stack Update KB4490628 that was suppose to be there, and I don’t have it installed either – why did the SSU not show up? ..because as I said the last SSU or any update I did was back in 2017!  I did not want to install KB4490628 separately though since it was not listed so I just went ahead with KB4489878  ..hopefully since I assume it’s cumulative it contains everything I need?

Anyway I installed it, quick and easy, and after reboot I ran abbodi86 telemetry cmd and here’s what it did:

..it was nice not to fuss with doing it all manually any more!  I see there was some things in the script it says it did not do, and I assume that was because of obvious reasons? I changed the script to /t 30 ..only because I needed an extra moment to take the screenshot and I only had one chance to catch what it said, so I made sure I had time and gave it 30 secs

Thank you abbodi86

I created a new reply to you PKCano and it showed up, but when I edited it and submitted then it completely disappeared? Was it deleted? …I’m just learning this forums format so, pardon. I will retype it again…

The Servicing Stack did not show up because it HAS to be installed exclusively (by itself). It does not show up in the Important Updates queue until there are no pending updates (checked or unchecked) in the update queue. The Servicing Stack is the update for the updating mechanism and is very important. You should install it.

Okay then, thank you. I created a partition image just before I started so I will just restore it and do it in the correct order this time with the SSU manually done first – if that would be best?  I don’t mind restoring at all it’s easy, and actually prefer it if it’s the best thing to do here?

The script needs to be run as “System,” not just from an eleveted command prompt. Along with the script, there is a command line in @abbodi86 ‘s AKB that sets up a Scheduled Task, run as “System” on bootup. To make it work, locate the script in the correct folder and run the command to create the Scheduled Task as per the instructions in the AKB.

Most things say succeeded, and I thought the few things listed in my screenshot that did not succeed was just because I already had all the tasks previously set disabled and in Services had the tracking disabled too. Most of his script worked and I see the things deleted out of the task scheduler now. PCKano you are saying not even if I right click and run as Admin it won’t work?

I can set it up as a task but only want/need to run once, but reading it again abbodi86 says in the first post:

– execute it after installing the Monthly Rollup and rebooting
you only need to run it once, and to be safe, once after each new rollup installation

…that’s what I did – does his first posts first method need to be re-worded again because I’m confused. It says just run it once each time you install a new rollup, and so it’s a cmd file and so I just ran it, even right click to run as admin.  If there was more to his first method why is it not listed? ..thanks for your patience.

Thank you PKCano. You really didn’t answer my main questions though; also to say I didn’t manually delete Diagtrack etc but his script did, with his 1st way which just says to execute it and is how I ran it. But you said no and that I needed to to it as a “System” task on boot up.  Well so I just ran his 2nd way adding in his scheduled task script was pretty easy. I even see the task added in there now as W10Telemetry, and so I rebooted to let her run and tracked what it did but really don’t see it did anything more because I ‘think’ as my above screenshot shows, it already did everything that was there available to do in his first method.

Did you look at my screenshot above?  Perhaps when abbodi86 looks at the screenshot since he wrote the script he will understand right away what was done or what’s needed now.  I really don’t think I need to do anything more?  The question though was and is his method #1 to Manually run his ‘W10Tel.cmd’ good enough? Yes/No? ..or is it better to run his method 2 within the task scheduler – I like some clarification on this from abbodi86 too if I may please.

Also my hinting asking you did I need to restore my OS image and do it all again just because I did not install the latest KB4490628 Servicing Stack Update first? ..so just now instead of restoring I installed it was very quick wanting no reboot. I see this SSU KB4490628 changed the previous version numbering from 6.1.7601.18766 up to 6.1.7601.24383.  Also just checking at WU it still has nothing new for me.

I’ve now set his W10Telemetry task as disabled and won’t need to run it until I do the next rollup when its imperative. Or like he says I will just run his method #1 ‘W10Tel.cmd’ Manually after the next time I do a cumulative rollup. Yes/No

Thank you

abbodi86 wrote:

Like @pkcano said, while it’s best to create/run Scheduled Task as “System”, there is no need to worry about those Access denied files, they don’t have an effect as long as DiagTrack service and WMI tracker are disabled, and the Appraiser tasks

Thank you.  I’ll do both then, I like to manually look at what the cmd prompt says when I first manually run ‘W10Tel.cmd’ after an update, and then manually reboot, but before rebooting I will also toggle my Schedule Tasks W10Telemetry back on and then let it reboot… might not be necessary to do it both ways but won’t hurt right… (then afterwards I’ll disable the task until the next time I update (which is not often) ..because no sense to have it run everyday for no reason right ..until of course the next update. I only update once every few months anyway when something is imperative or is the right MS-DEFCON

Thanks again, and nice work

PS – it feels GREAT to move to the easier Group A now.. I see why Woody (and others) suggest it.

Is there a script like this for Win10 to neutralize telemetry on Win10 too?

I’ve seen some programs like O&O etc, but just wondering if someone is maintaining a script to do it like is done here, or if it’s not that easy since 10 is more complex, what is the best program to do it on Win10?

Okay thank you guys, I understand don’t try to disable telemetry completely, and so then what is the balance, what is the most practical method that can be safely done with Win10?

I know I want to at least stop Win10 from auto updating itself, and perhaps this link below ‘may be’ the latest method – have you seen this one: ?

https://github.com/WereDev/Wu10Man

…or is there something better? (Yes EP I read the Computer world article, thank you)

As far as telemetry, again what are the minimal things we can do to tame it, without causing a fuss?

(I don’t mind if you move this post as I don’t want to hijack this Win7/8.1 thread.  I have Win7, Win8, and Win10 computers on my network, and Win7/8 worked perfectly with your W10Tel.cmd – I love it, thank you! …now I need to do a similar (or at least a minimum) of settings for Win10)

Many thanks for the removal script!

Just one question: If I understood it correctly, the script first adds a value HaveUploadedForTarget to the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser, and a few steps after, it deletes the whole Appraiser key.

Is this supposed to be this way or should it be the other way round?

2 users thanked author for this post.

Microfix,

abbodi86