Topic: 2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model @ AskWoody

2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model

Posted on abbodi86 Comment on the AskWoody Lounge
Home › Forums › Knowledge Base › 2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model

Tagged: KB 2952664, KB 2976978, Monthly rollup, telemetry, Windows Telemetry

This topic contains 28 replies, has 12 voices, and was last updated by
PKCano 1 month, 1 week ago.
- Author
  
  Posts
- September 24, 2018 at 9:07 am #219238 Reply
  
  abbodi86
  AskWoody_MVP
  
  AKB 2000012: How To Neutralize Telemetry and Sustain Windows 7 and 8.1 Monthly Rollup Model
  
  by @abbodi86
  
  Published September 24, 2018 | rev 1.0
  
  # Background #
  
  Microsoft had backported two main parts of Windows 10 Telemetry system to Windows 7 and 8.1
  
  1) Unified Telemetry Client
  
  – introduced in updates KB3068708/KB3080149, and became part of the Monthly Rollup since October 2016 preview rollup
  
  – represented by the Diagnostics Tracking Service (DiagTrack) and the event trace session (AutoLogger-Diagtrack-Listener)
  
  – handle the diagnosis tracking and logging, and the online telemetry reporting endpoints
  
  2) Microsoft Compatibility Appraiser
  
  – introduced in KB2952664/KB2976978, and now become part of the Monthly Rollup staring September 2018 preview rollup
  
  – represented by the “Application Experience” schedule tasks (Microsoft Compatibility Appraiser, ProgramDataUpdater, AitAgent)
  
  – the actual telemetry controller and runner, handles the compatibility evaluation and collecting, and device inventory
  
  # Neutralization #
  
  Despite the infamous reputation and some exaggeration, these Telemetry components in Windows 7/8.1 updates are not deeply implemented into OS and can be easily disabled or eliminated
  this can be done officially with few manual steps, or a simple batch script (with exra little-aggressive setings)
  
  1) W10Tel.cmd
  
  – copy or download the contents from this paste bin, and save as .cmd file
  https://pastebin.com/zeJFe08G
  
  – execute it after installing the Monthly Rollup and rebooting
  you only need to run it once, and to be safe, once after each new rollup installation
  
  – you can also use Task Scheduler to run the script with each system startup, e.g.
  copy the script to C:\Windows directory
  open command prompt as administrator, and execute:
  SCHTASKS /Create /F /RU "SYSTEM" /RL HIGHEST /SC ONSTART /TN W10Telemetry /TR "cmd /c %windir%\W10Tel.cmd"
  
  2) Manual:
  
  the demonstration is done on Windows 7, same steps applies for Windows 8.1 too
  
  – DiagTrack service
  
  open Services from Task Manager
  or from Control Panel > Administrative Tools > Services
  
  find Diagnostics Tracking Service, right-click and select Properties
  change Startup type to Disabled, then click on Stop button
  
  – WMI AutoLogger-Diagtrack-Listener
  
  right-click on Computer icon and select Manage (This PC in Windows 8.1)
  or from Control Panel > Administrative Tools > Computer Management
  
  expand to the node Performance > Data Collector Sets
  
  from Event Trace Sessions, right-click on AutoLogger-Diagtrack-Listener or Diagtrack-Listener and Stop it (you may also delete it afterwards)
  
  from Startup Event Trace Sessions, right-click on AutoLogger-Diagtrack-Listener and select Properties, then clear Enabled check from Trace Session tab (you may also delete it afterwards)
  
  you can also disable AITEventLog and SQMLogger too (those are already exist in the system, not added by updates)
  
  – Compatibility Appraiser tasks
  
  launch Task Scheduler from Start Menu
  or from Control Panel > Administrative Tools > Task Scheduler
  
  goto Task Scheduler Library > Microsoft > Windows > Application Experience
  disable all tasks (you may also delete them too)
  
  do the same with tasks in Customer Experience Improvement Program
  
  # Closure #
  
  Deleting schedule tasks or WMI logger is totally safe, and just to avoid being re-enabled unexpectedly
  they don’t affect the OS functions in any way
  
  Except the show stopper bugs and errors, Monthly Rollup does not need to be avoided for the sake of telemetry hustle
  
  Total of 31 users thanked author for this post. Here are last 20 listed.
  
  willygirl,
  SteveTree,
  Sandman,
  AusJohn,
  OscarCP,
  Bill C.,
  Ascaris,
  woody,
  Steve,
  lanceboil,
  walker,
  WildBill,
  jburk07,
  HiFlyer,
  SueW,
  radosuaf,
  AlexEiffel,
  Noel Carboni,
  MikeFromMarkham,
  Grond
- September 24, 2018 at 1:12 pm #219315 Reply
  
  anonymous
  
  Thank you @abbodi86 , for collecting these ideas together at the top of a new topic. I think this option fits my needs better than group hopping. My needs may be different than others. It is good to have alternative methods described so well.
  
  4 users thanked author for this post.
  
  jburk07,
  HiFlyer,
  Microfix,
  Pepsiboy
- September 24, 2018 at 1:20 pm #219320 Reply
  
  OldBiddy
  AskWoody Lounger
  
  Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!
- September 24, 2018 at 1:49 pm #219332 Reply
  Microfix
  AskWoody MVP
  @abbodi86, Nice post! NEEDS TO BE AN AKB 😉
  I have a couple of questions..
  1. Regarding switches: /d 1 /f do these switches signify:
  /d=decimal 1=numerical value (1=on 0=off) /f= force (Thanks PKCano)
  
  2. Having run the cmd
  sc stop Diagtrack then sc delete Diagtrack
  wouldn’t most of the pastebin script be redundant in that case? then I could manually adapt to suit the systems.
  
  | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
  Can't see the wood for the trees? Look again!
  
  1 user thanked author for this post.
  
  woody
  - September 24, 2018 at 10:50 pm #219491 Reply
    
    abbodi86
    AskWoody_MVP
    
    Yes, 0 and 1 are mostly the binary translation of ON and OFF
    
    i never use or recommend sc delete Diagtrack
    disabling the service is perfectly enough
    
    and WMI Autologger and Compatibility Appraiser can still function without it
    
    2 users thanked author for this post.
    
    HiFlyer,
    Microfix
    - September 25, 2018 at 6:21 am #219522 Reply
      
      Microfix
      AskWoody MVP
      
      Had these done anyway for W7/ W8.1, just better to check against the script for anything I may have missed. IIRC I done most of these via Task Scheduler, cmd prompt and registry edits (exported before deletion where applicable) over a year ago. Just a different method of what I’d already done 🙂 All good!
      Script is now on standby for October 2018 patches onward for re-introduction in SQMR updates. sigh.
      
      | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
      Can't see the wood for the trees? Look again!
- September 24, 2018 at 3:06 pm #219353 Reply
  
  fernlady
  AskWoody Lounger
  
  OldBiddy wrote:
  
  Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!
  
  Don’t feel bad, its waay over my head also!
  
  Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller
  
  2 users thanked author for this post.
  
  walker,
  OldBiddy
  - September 24, 2018 at 5:12 pm #219401 Reply
    
    OldBiddy
    AskWoody Lounger
    
    Thank you, @fernlady. Maybe it’s time for me to just move on to a Chromebook or MacBook at this point. Although Google’s snooping may be worse than MS’s.
- September 24, 2018 at 11:06 pm #219503 Reply
  
  Noel Carboni
  AskWoody_MVP
  
  Nice script.
  
  Only thing is that I tend more to disable jobs than delete them, though the point could be made that deleting a job does make it more difficult for the software to re-enable.
  
  -Noel
  
  1 user thanked author for this post.
  
  WildBill
  - September 25, 2018 at 6:31 am #219523 Reply
    Microfix
    AskWoody MVP
    
    There is exactly that scenario Noel (I’m covering all bases), from my POV the Diagtrack service was removed to make it more difficult for MS to re-introduce (unless a SFC repair is done). One has to wonder whether the Diagtrack service will be introduced into SQMR patches as well as kb3068708/ kb3080149?
    
    | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
    Can't see the wood for the trees? Look again!
    - September 25, 2018 at 8:30 am #219547 Reply
      
      Noel Carboni
      AskWoody_MVP
      
      For what it’s worth, this script doesn’t break serviceability as checked by SFC, so I wouldn’t think an SFC /SCANNOW would change anything back. DISM on the other hand, I don’t know.
      
      -Noel
      
      Attachments:
      You must be logged in to view attached files.
      
      2 users thanked author for this post.
      
      abbodi86,
      Microfix
    - September 25, 2018 at 9:21 am #219561 Reply
      
      abbodi86
      AskWoody_MVP
      
      Diagtrack is part of SMQR since October 2016
      
      1 user thanked author for this post.
      
      jburk07
      
      September 25, 2018 at 9:43 am #219565 Reply
      
      Microfix
      AskWoody MVP
      
      You are correct abbodi86. One observation I have found is, that having removed Diagtrack completely a few months ago, I check after every monthly SQMR patch installation and have found no evidence that it returns on two different computers (both W8.1)
      
      | W10 Pro x64 1803 | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64/ XP Pro O/L
      Can't see the wood for the trees? Look again!
      
      2 users thanked author for this post.
      
      Ascaris,
      jburk07
      
      October 18, 2018 at 2:39 pm #225511 Reply
      
      Ascaris
      AskWoody_MVP
      
      Agreed… I had the same experience with 8.1 since the first SMQR to contain the telemetry rolled my way. Wow, has it been two years since Patchocalypse already??
      
      I installed the rollup (following the Group A suggestions), then immediately used Abbodi86’s guide that was current at that time to ferret out the nooks and crannies where the telemetry bits were hiding (thanks once again for that, Abbodi86).
      
      I removed rather than disabled the DiagTrack service, and as you said, Microfix, it never came back while pursuing Group A (I kept checking after each SMQR to be sure). I know that disabling it is sufficient to keep it from doing what it does, but there is something satisfying about deleting the loathsome thing rather than simply disabling it, and as has been noted, it’s easier to simply turn a service back on than to reinstall one (though the SMQRs could easily do either).
      
      Group "L" (KDE Neon User Edition 5.15.3 & Kubuntu 18.04).
      
      1 user thanked author for this post.
      
      Microfix
- September 25, 2018 at 8:55 am #219557 Reply
  
  Noel Carboni
  AskWoody_MVP
  
  @abbodi86, have you done performance testing to determine if not logging events gives back any machine performance?
  
  Long ago I had done all of what you described, except disabling the AutoLogger-Diagtrck-Listener trace logging. I can’t imagine it will do THAT much for performance, but hey, every little bit helps. I’ll report back after I get another run of nightly jobs tonight and can compare the times.
  
  Thank you for sharing your knowledge here!
  
  -Noel
  
  1 user thanked author for this post.
  
  HiFlyer
  - September 25, 2018 at 9:25 am #219562 Reply
    
    abbodi86
    AskWoody_MVP
    
    Not really, the idea of this block/disable tweaks is not for the sake of performance
    just to keep unnecessary addions away
    
    Compatibility Appraiser (CompatTelRunner.exe) will cunsume high amount of system resources during evaluation, specially first time
    
    1 user thanked author for this post.
    
    WildBill
  - September 25, 2018 at 11:31 pm #219755 Reply
    
    Noel Carboni
    AskWoody_MVP
    
    By the way, my nightly product builds took no less time last night than the night prior, when I had not disabled the log. 55 minutes 14 seconds vs. 55 minutes 18 seconds. The builds vary more than that from night to night.
    
    -Noel
- September 25, 2018 at 9:47 am #219566 Reply
  
  johnf
  AskWoody Lounger
  
  Nadella’s gang has some competition in the race to collect Telemetry, it seems:
  
  Google secretly logs users into Chrome whenever they log into a Google site
  
  Firefox collects data on you through hidden add-ons
  
  2 users thanked author for this post.
  
  WildBill,
  jburk07
  - September 25, 2018 at 9:50 am #219567 Reply
    
    geekdom
    AskWoody Plus
    
    There’s no monopoly on telemetry.
    
    Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
    
    2 users thanked author for this post.
    
    Steve,
    jburk07
- September 25, 2018 at 3:18 pm #219660 Reply
  
  jburk07
  AskWoody Plus
  
  Thanks for these excellent and clear instructions, @abbodi86! I wouldn’t mind going to Group B for my own machine, but it would be a pain to to go that route for the other 2 machines I update, and I wouldn’t have attempted the script since I wouldn’t know how to undo something if I mess up in executing the process. But these manual steps are very clear and not onerous. I had done some of them earlier, but I’ll be interested to see what happens to my settings after the October rollup.
  
  I really appreciate your time and effort.
  
  Group A Win7 x64 Home Premium SP1 Ivy Bridge
  
  1 user thanked author for this post.
  
  walker
- October 7, 2018 at 9:16 am #222570 Reply
  
  WildBill
  AskWoody Plus
  
  abbodi86 wrote:
  
  1) Unified Telemetry Client
  
  – introduced in updates KB3068708/KB3080149, and became part of the Monthly Rollup since October 2016 preview rollup
  
  Did NOT know this was in Monthly Rollup. Never install previews (& never will), so it’s been baked in since November 2016. I was surprised since Windows Update still shows as Recommended (do not receive Recommended updates the same as Important). Followed your manual instructions for disabling Telemetry Client services (I had already disabled DiagTrack) & Compatibility Appraiser tasks. Am still switching to Group B after Patch Tuesday, especially if KB2976978 still shows in Windows Update as Important, like KB3010149 does in Recommended. Would rather be Safe (& on Win8.1) than Sorry (& on Win10 whatever).
  
  Windows 8.1, 64-bit, now in Group B!
  Wild Bill Rides Again...
  
  2 users thanked author for this post.
  
  abbodi86,
  walker
  - October 10, 2018 at 1:53 am #223384 Reply
    
    abbodi86
    AskWoody_MVP
    
    Some updates cannot be totally superseded (from Windows Update POV) except with metadata
    and preview rollups cannot metadata-supersede important updates (KB2976978) in this case
    
    KB3080149 is not completely superseded for Windows 8.1
    likewise WU client update KB3044374
- October 18, 2018 at 10:33 am #225429 Reply
  
  anonymous
  
  Thank you so much for the script! Just to clarify: Is there any functional difference between running this script after installing a rollup versus exclusively installing Security Only patches? In other words, does a Group A system where one installs the latest rollup and then runs the above script make any additional network connections than an identical system that has installed only Group B patches? Would there be any additional (telemetry related) CPU usage on the Group A version?
  
  If the answer is no, then it seems the reasons for going Group B are rapidly vanishing!
  
  1 user thanked author for this post.
  
  jburk07
  - October 18, 2018 at 2:12 pm #225502 Reply
    
    abbodi86
    AskWoody_MVP
    
    No, the script disable any backported telemetry activity
    
    i remember @mrbrian made a test to verify that, but i can’t find his post
    you are welcome to take my word or doing a test 🙂
    
    2 users thanked author for this post.
    
    jburk07,
    Microfix
    - October 18, 2018 at 2:17 pm #225504 Reply
      
      PKCano
      Da Boss
      
      Connections to @mrbrian ‘s tests may be under AKB2952664 in the Knowledge Base.
      
      3 users thanked author for this post.
      
      jburk07,
      Elly,
      Microfix
- October 23, 2018 at 2:48 pm #226618 Reply
  
  anonymous
  
  Is it safe to delete diagtrack.dll?
  - October 24, 2018 at 12:24 am #226659 Reply
    
    abbodi86
    AskWoody_MVP
    
    SFC will nag about it and restore it, Win8.1 dism /restore-health likewise
    
    so the deletion is not needed
- February 15, 2019 at 11:25 am #327473 Reply
  
  anonymous
  
  I just noticed the cmd script is unable to access certain subdirectories under the C:\ProgramData\Microsoft\Diagnosis path. (The icacls command issues “Access is denied.”) If I try to manually view the contents of these subdirectories, it’s not enough to simply access as administrator; I’m told I have to take ownership of the directory.
  - February 15, 2019 at 11:33 am #327479 Reply
    
    PKCano
    Da Boss
    
    I believe the script that creates the Task Scheduler task sets it up to run as “System,” not as administrator.
- Author
  
  Posts
Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

Reply To: 2000012: Neutralize Telemetry & Sustain Win 7, 8.1 Monthly Rollup Model
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Your information:

Website:

Cancel
Comments are closed.

Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.