Thank you @abbodi86 , for collecting these ideas together at the top of a new topic. I think this option fits my needs better than group hopping. My needs may be different than others. It is good to have alternative methods described so well.

5 users thanked author for this post.

Lori, jburk07, HiFlyer, Microfix, Pepsiboy

Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!

@abbodi86, Nice post! NEEDS TO BE AN AKB 😉
I have a couple of questions..
1. Regarding switches: /d 1 /f do these switches signify:
/d=decimal     1=numerical value (1=on 0=off)    /f= force (Thanks PKCano)

2. Having run the cmd
sc stop Diagtrack then sc delete Diagtrack
wouldn’t most of the pastebin script be redundant in that case? then I could manually adapt to suit the systems.

2 users thanked author for this post.

walker, woody

OldBiddy wrote:

Egads this is too advanced for the likes of me. I’ll just have to consider going back to Group B or just accept the tracking. Rats!

Don’t feel bad, its waay over my head also!

2 users thanked author for this post.

walker, OldBiddy

Nice script.

Only thing is that I tend more to disable jobs than delete them, though the point could be made that deleting a job does make it more difficult for the software to re-enable.

-Noel

2 users thanked author for this post.

Lori, WildBill

@abbodi86, have you done performance testing to determine if not logging events gives back any machine performance?

Long ago I had done all of what you described, except disabling the AutoLogger-Diagtrck-Listener trace logging. I can’t imagine it will do THAT much for performance, but hey, every little bit helps. I’ll report back after I get another run of nightly jobs tonight and can compare the times.

Thank you for sharing your knowledge here!

-Noel

1 user thanked author for this post.

HiFlyer

Nadella’s gang has some competition in the race to collect Telemetry, it seems:

Google secretly logs users into Chrome whenever they log into a Google site

Firefox collects data on you through hidden add-ons

3 users thanked author for this post.

Lori, WildBill, jburk07

Thanks for these excellent and clear instructions, @abbodi86! I wouldn’t mind going to Group B for my own machine, but it would be a pain to to go that route for the other 2 machines I update, and I wouldn’t have attempted the script since I wouldn’t know how to undo something if I mess up in executing the process. But these manual steps are very clear and not onerous. I had done some of them earlier, but I’ll be interested to see what happens to my settings after the October rollup.

I really appreciate your time and effort.

1 user thanked author for this post.

walker

abbodi86 wrote:

1) Unified Telemetry Client

– introduced in updates KB3068708/KB3080149, and became part of the Monthly Rollup since October 2016 preview rollup

Did NOT know this was in Monthly Rollup. Never install previews (& never will), so it’s been baked in since November 2016. I was surprised since Windows Update still shows as Recommended (do not receive Recommended updates the same as Important). Followed your manual instructions for disabling Telemetry Client services (I had already disabled DiagTrack) & Compatibility Appraiser tasks. Am still switching to Group B after Patch Tuesday, especially if KB2976978 still shows in Windows Update as Important, like KB3010149 does in Recommended. Would rather be Safe (& on Win8.1) than Sorry (& on Win10 whatever).

2 users thanked author for this post.

abbodi86, walker

Thank you so much for the script! Just to clarify: Is there any functional difference between running this script after installing a rollup versus exclusively installing Security Only patches? In other words, does a Group A system where one installs the latest rollup and then runs the above script make any additional network connections than an identical system that has installed only Group B patches? Would there be any additional (telemetry related) CPU usage on the Group A version?

If the answer is no, then it seems the reasons for going Group B are rapidly vanishing!

1 user thanked author for this post.

jburk07

Is it safe to delete diagtrack.dll?

I just noticed the cmd script is unable to access certain subdirectories under the C:\ProgramData\Microsoft\Diagnosis path. (The icacls command issues “Access is denied.”) If I try to manually view the contents of these subdirectories, it’s not enough to simply access as administrator; I’m told I have to take ownership of the directory.

I’ve been in group b since the beginning.

The last time I updated though was the first important Service Stack update back in 05-26-2017 with KB4019264.  I knew there was things I had to do to keep up with Security since then, but every time I would come here and try to figure out which I had to do the list was long and didn’t have the time to fuss, so I just kept procrastinating. Lately though I Knew it was time I had to do something. After spending a hour reading which ones I needed to install, and during that I came across Woody saying it’s just best now to just go to group and save yourself all the hassle of keeping up with group B… and then I found this post thread he by abbodi86

Thank heavens, I absolutely love it! So simple. I’ve now become Group A and I’ll just run this script.

So I go to Windows update expecting to find all kinds things since I’ve been in group b for so long, but the only thing I saw needed (besides NET, Visual c++) was this 2019-03 monthly Quality Rollup for Win7 KB4489878 ..oddly though I did not see Service Stack Update KB4490628 that was suppose to be there, and I don’t have it installed either – why did the SSU not show up? ..because as I said the last SSU or any update I did was back in 2017!  I did not want to install KB4490628 separately though since it was not listed so I just went ahead with KB4489878  ..hopefully since I assume it’s cumulative it contains everything I need?

Anyway I installed it, quick and easy, and after reboot I ran abbodi86 telemetry cmd and here’s what it did:

..it was nice not to fuss with doing it all manually any more!  I see there was some things in the script it says it did not do, and I assume that was because of obvious reasons? I changed the script to /t 30 ..only because I needed an extra moment to take the screenshot and I only had one chance to catch what it said, so I made sure I had time and gave it 30 secs

Thank you abbodi86

I created a new reply to you PKCano and it showed up, but when I edited it and submitted then it completely disappeared? Was it deleted? …I’m just learning this forums format so, pardon. I will retype it again…

The Servicing Stack did not show up because it HAS to be installed exclusively (by itself). It does not show up in the Important Updates queue until there are no pending updates (checked or unchecked) in the update queue. The Servicing Stack is the update for the updating mechanism and is very important. You should install it.

Okay then, thank you. I created a partition image just before I started so I will just restore it and do it in the correct order this time with the SSU manually done first – if that would be best?  I don’t mind restoring at all it’s easy, and actually prefer it if it’s the best thing to do here?

The script needs to be run as “System,” not just from an eleveted command prompt. Along with the script, there is a command line in @abbodi86 ‘s AKB that sets up a Scheduled Task, run as “System” on bootup. To make it work, locate the script in the correct folder and run the command to create the Scheduled Task as per the instructions in the AKB.

Most things say succeeded, and I thought the few things listed in my screenshot that did not succeed was just because I already had all the tasks previously set disabled and in Services had the tracking disabled too. Most of his script worked and I see the things deleted out of the task scheduler now. PCKano you are saying not even if I right click and run as Admin it won’t work?

I can set it up as a task but only want/need to run once, but reading it again abbodi86 says in the first post:

– execute it after installing the Monthly Rollup and rebooting
you only need to run it once, and to be safe, once after each new rollup installation

…that’s what I did – does his first posts first method need to be re-worded again because I’m confused. It says just run it once each time you install a new rollup, and so it’s a cmd file and so I just ran it, even right click to run as admin.  If there was more to his first method why is it not listed? ..thanks for your patience.

Thank you PKCano. You really didn’t answer my main questions though; also to say I didn’t manually delete Diagtrack etc but his script did, with his 1st way which just says to execute it and is how I ran it. But you said no and that I needed to to it as a “System” task on boot up.  Well so I just ran his 2nd way adding in his scheduled task script was pretty easy. I even see the task added in there now as W10Telemetry, and so I rebooted to let her run and tracked what it did but really don’t see it did anything more because I ‘think’ as my above screenshot shows, it already did everything that was there available to do in his first method.

Did you look at my screenshot above?  Perhaps when abbodi86 looks at the screenshot since he wrote the script he will understand right away what was done or what’s needed now.  I really don’t think I need to do anything more?  The question though was and is his method #1 to Manually run his ‘W10Tel.cmd’ good enough? Yes/No? ..or is it better to run his method 2 within the task scheduler – I like some clarification on this from abbodi86 too if I may please.

Also my hinting asking you did I need to restore my OS image and do it all again just because I did not install the latest KB4490628 Servicing Stack Update first? ..so just now instead of restoring I installed it was very quick wanting no reboot. I see this SSU KB4490628 changed the previous version numbering from 6.1.7601.18766 up to 6.1.7601.24383.  Also just checking at WU it still has nothing new for me.

I’ve now set his W10Telemetry task as disabled and won’t need to run it until I do the next rollup when its imperative. Or like he says I will just run his method #1 ‘W10Tel.cmd’ Manually after the next time I do a cumulative rollup. Yes/No

Thank you

abbodi86 wrote:

Like @pkcano said, while it’s best to create/run Scheduled Task as “System”, there is no need to worry about those Access denied files, they don’t have an effect as long as DiagTrack service and WMI tracker are disabled, and the Appraiser tasks

Thank you.  I’ll do both then, I like to manually look at what the cmd prompt says when I first manually run ‘W10Tel.cmd’ after an update, and then manually reboot, but before rebooting I will also toggle my Schedule Tasks W10Telemetry back on and then let it reboot… might not be necessary to do it both ways but won’t hurt right… (then afterwards I’ll disable the task until the next time I update (which is not often) ..because no sense to have it run everyday for no reason right ..until of course the next update. I only update once every few months anyway when something is imperative or is the right MS-DEFCON

Thanks again, and nice work

PS – it feels GREAT to move to the easier Group A now.. I see why Woody (and others) suggest it.

Is there a script like this for Win10 to neutralize telemetry on Win10 too?

I’ve seen some programs like O&O etc, but just wondering if someone is maintaining a script to do it like is done here, or if it’s not that easy since 10 is more complex, what is the best program to do it on Win10?

Okay thank you guys, I understand don’t try to disable telemetry completely, and so then what is the balance, what is the most practical method that can be safely done with Win10?

I know I want to at least stop Win10 from auto updating itself, and perhaps this link below ‘may be’ the latest method – have you seen this one: ?

https://github.com/WereDev/Wu10Man

…or is there something better? (Yes EP I read the Computer world article, thank you)

As far as telemetry, again what are the minimal things we can do to tame it, without causing a fuss?

(I don’t mind if you move this post as I don’t want to hijack this Win7/8.1 thread.  I have Win7, Win8, and Win10 computers on my network, and Win7/8 worked perfectly with your W10Tel.cmd – I love it, thank you! …now I need to do a similar (or at least a minimum) of settings for Win10)

Many thanks for the removal script!

Just one question: If I understood it correctly, the script first adds a value HaveUploadedForTarget to the key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser, and a few steps after, it deletes the whole Appraiser key.

Is this supposed to be this way or should it be the other way round?

2 users thanked author for this post.

Microfix, abbodi86

KB 4493123 has reared its ugly head again on PCs running Windows 7 Home Premium x64 as of today 24 July (Sydney Australia date). Have hidden them again.

1 user thanked author for this post.

walker

born is reporting about the KB4493132 update showing up again recently:
https://borncity.com/win/2019/07/24/windows-7-new-notification-update-kb4493132-july-2019/

the enterprise and professional editions of Windows 7 will not be offered the KB4493132 update; only “consumer” editions of Windows 7 (home and ultimate) will have it offered

• This reply was modified 1 year, 3 months ago by EP.

1 user thanked author for this post.

Chessie

@abbodi86 and all –

Is it possible to get a listing of the W10Tel.cmd script if it is not too big? Our network policy blocks download sites for security reasons. We would be violating policy if we download it from a different network… That’s a no-no.

My home PC (Win 7 x64) has 3 user IDs defined on it: a user ID with administrative privileges which I use only for system maintenance tasks, a user ID without administrative privileges which I use for day-to-day tasks, and a similar user ID that my wife uses for her day-to-day tasks. If I wish to use W10Tel.cmd on my system, is it sufficient to run it on the user ID that I use for system maintenance tasks, or do I have to run it on all 3 user IDs?

In recent years I religiously kept doing a number of tweaks (some described in this thread, some on other blogs) to stop telemetry on my Win 7 systems.  But MS kept pushing updates that re-activated telemetry. So frustrating & disappointing.

The only thing that really works for me – and is easily reversible – was implementing a Pihole adblocker at home and adding a blocklist a github site maintains for blocking MS telemetry.  The blocklist works well, is easy to disable if needed and is completely independent of Windows.

The only one I was able to find there appears to be designed for Win 10’s telemetry and I don’t know if they’d be the same for Win 7. Since you specifically stated you’re running Win 7 is there any chance you could provide more specific info? Like the list’s file name maybe?

I ran W10Tel.cmd for the first time on my W7x64 (Home Premium) system today. It generated a number of error messages which are displayed on the screen shot of the command prompt window below.

W10Tel2.cmd is W10Tel.cmd without the W7 EOS KB4493132 section (lines 15 to 31) – I don’t have KB4493132 installed. As can be seen, I redirected the normal output to a text file, but the error messages appeared in the command prompt window.

I’m not expecting an explanation of what each error message means. But I would like to be reassured that such error messages are expected simply because every W7 system is different.

? says:

TonyC, maybe have a look at the powershell Bob Villa posted up in #347244 on march 31st while awating abbodi86’s reply?

2 users thanked author for this post.

tcc089, BobVila

I had been holding back updates on my systems (Windows 7 and 8.1), and liked the sentiment behind this “script”.

Anyway, long story, I did not see anything specifically mentioning in this thread that you may need to enable DiagTrack in to install some updates. In my case, KB4507448.

Check your “Application” event log,  and if you see an ‘0x800f0816’ error. Try enabling DiagTrack.

NOTES:
Essentially, the message states that it cannot change the state of the update to “staged”:
Package KB4507448 failed to be changed to the Staged state. Status: 0x800f0816.

After enabling:
Initiating changes for package KB4507448. Current state is Resolved. Target state is Staged. Client id: WindowsUpdateAgent.

That error does not appear to be documented\detailed. For example, in this powershell snippet (NOTE: I feed in two error codes just to confirm the Win32Exception object actually works for the ‘Facility’):

0x800f0816,0x800f0001 | % { ‘Facility: {0}, Error: {1}, {2}’ -f @(($_ -shr 16 -band 0xfff), ($_ -band 0xffff), ([ComponentModel.Win32Exception]$_).Message) }

I get these results:

Facility: 15, Error: 2070, Unknown error (0x800f0816)
Facility: 15, Error: 1, A section name marker in the INF is not complete, or does not exist on a line by itself

Regard,
Richard Rudek

? says:

@abbodi86,

if you can tell me why Application Experience (CEIP) runs (RunAsInvoker) (compatibility fix runs because it it blocked?) when i update MSE even though it is disabled in the Task Scheduler i would appreciate it. i am opted in to Basic spynet in MSE settings because the real time scanning only works if opted in. i see the invoker run in event log\application experience and can flush out the xml to %temp% (users\appdata\local\temp:

“xml version=”1.0″

Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”

System

Provider Guid=”{EEF54E71-0661-422D-9A98-82FD4940B820}” Name=”Microsoft-Windows-Application-Experience”/

EventID>500</EventID Version>0</Version Level 4 /Level Task 0 /Task

Opcode 0 /Opcode Keywords 0x1000000000000000 /Keywords

TimeCreated SystemTime=”2019-09-01 Z”/

EventRecordID 514 /EventRecordID Correlation/ Execution ThreadID=”2184″ ProcessID=”2540″/

Channel Microsoft-Windows-Application-Experience/Program-Telemetry /Channel

Computer ?-PC /Computer Security UserID=”S-1-5-20″/ /System- UserData

CompatibilityFixEvent xmlns=”http://www.microsoft.com/Windows/Diagnosis/PCA/events&#8221;

xmlns:auto-ns2=”http://schemas.microsoft.com/win/2004/08/events&#8221;

ProcessId>2540</ProcessId

StartTime 2019-09-01 Z /StartTime FixID {1C2D58C3-DCD2-41E3-BD0B-25F05028C655} /FixID

Flags 0x40102 /Flags ExePath C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\MpSigStub.exe /ExePath

FixName>RunAsInvoker /FixName/CompatibilityFixEvent /UserData /Event”

thank you!

Thank you so much.  After finding out, Mic-SOB’s again added their telemetry BS, I was ready to throw in the towel. Giving up on all updates, till the bitter end of Win 7. I had already done everything you suggested long ago. The one thing I wasn’t sure about, if I downloaded updates with telemetry included, would telemetry reset what I disable and/or create new files that were deleted? Now I know the answer is No. Thanks again, your hard work is very much appreciated!!!

1 user thanked author for this post.

BobVila

Using the physical-sciences principle of “confirm what you think you know” (but really, I believe am just kicking a dead horse), with the new inclusion (in Sep 2019) by MS of telemetry in Win7 & 8.1 “security only” patches, it appears that there is absolutely no reason to stay in Group B, as you have to use one of the methods of this thread in either Group B or Group A, and in Group B you are passing up Win fixes and improvements.  True?

Any reasons for the contrary?

Thanks! I wouldn’t know how to do the script, but the manual steps were very clear and easy. Much appreciated!

Could the script be added to include the following?

The July Security Only update that adds telemetry creates a folder, Migration\WTR, with a file, CompatTelemetry, that lists the changes that include some not already in the script.  They are..

[System.File]
“%windir%\system32\CompatTel\* [*]”
“%windir%\system32\ [aepdu.dll]”
“%windir%\system32\ [devinv.dll]”
“%windir%\system32\appraiser\* [*]”
“%windir%\system32\ [acmigration.dll]”
“%windir%\system32\ [appraiser.dll]”
“%windir%\system32\ [invagent.dll]”
“%windir%\system32\ [generaltel.dll]”
“%windir%\system32\Tasks\Microsoft\Windows\Application Experience\ [Microsoft Compatibility Appraiser]”
“%windir%\system32\Tasks\Microsoft\Windows\Application Experience\ [ProgramDataUpdater]”
“%windir%\appcompat\programs\ [FullCompatReport.xml]”
“%windir%\appcompat\UA\* [*]”
“%windir%\appcompat\Appraiser\* [*]”

[System.Registry]
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ClientTelemetry\* [*]”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser\* [*]”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\UpgradeExperienceIndicators\* [*]”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\OneSettings\* [*]”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\* [*]”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Shared\ [UpgExIndChecksum]”

Aside from a current disk image, is there a way to undo w10tel.cmd?

Not sure why but ya never know what MS might do next…..

Great tool BTW!

DriftyDonN

abbodi86 wrote:

Updated W10Tel.cmd script with entries to suppress Win 7 EOS notification (installed with KB4530734 and SO KB4530692)
https://pastebin.com/zeJFe08G

• This reply was modified 10 months, 2 weeks ago by abbodi86.

Will this script work with the last JAN 2020 SO update KB4534314 which also contains EOS notification?

I’m still going to wait for JAN 2020 SO update so MS can fix their black background bug.

And for those who find this level of task too fiddly and or too complicated there is a nice auto-pilot one click app  ‘SpyBot Anti-Beacon’ which makes life easier available from
Safer-Networking.org .
Latest download v3.5 comes as a free version and covers approx 50% of the Microsoft telemetry spy zones and the paid for ‘Plus’ version (€7.99 p/a) is available which enables 100% coverage of all Microsofts embeded telemetry.

G.

Gordski wrote:

free version and covers approx 50% of the Microsoft telemetry spy zones and the paid for ‘Plus’ version (€7.99 p/a)

The free, portable Debotnet does much more and doesn’t cost a dime.

1 user thanked author for this post.

7ProSP1

Alex5723 wrote:

Gordski wrote:

free version and covers approx 50% of the Microsoft telemetry spy zones and the paid for ‘Plus’ version (€7.99 p/a)

The free, portable Debotnet does much more and doesn’t cost a dime.

I had never heard of this extremely useful utility until I read your post.

It has now been added to my arsenal of Microsoft anti-snooping software.

Thanks for sharing.

• This reply was modified 5 months, 2 weeks ago by 7ProSP1.

1 user thanked author for this post.

Alex5723

satrow wrote:

7ProSP1 wrote:

The free, portable Debotnet does much more and doesn’t cost a dime.

It’s already been deprecated in favour of sharpapp, ghacks report.

Sharpapp is inferior to Debotnet, which still can be used.

This being almost 2 years old, I get quite a few”file does not exist lines” but then the cmd box disappears quick! Isn’t it likely win10 has changed enough that some of this needs updating? Just curiosity. I run this religiously every month!

Thank You!