News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November

    Home Forums AskWoody blog Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November

    This topic contains 112 replies, has 8 voices, and was last updated by  ch100 2 years, 11 months ago.

    • Author
    • #30943 Reply

      Da Boss

      We’re going to see a big uptick in snooping on Win7 and 8.1 machines. Don’t worry, I’ll have detailed instructions on how to avoid the snooping by sta
      [See the full post at: Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November]

    • #30944 Reply


      Woody, few notes about the InfoWorld article.
      First, I think that the new updates will apply to all current server versions, i.e. Windows 2008 R2, Windows 2012, Windows 2012 R2 because the patches included were provided to those servers in the past. Windows Server 2016 just released is in fact Windows 10 LTSB 2016 Server and has the same treatment like the equivalent Windows 10 version.
      Second, there is a big misunderstanding about how enterprises see the telemetry problem and this is mainly raised by people which have little connection to enterprise administration. The KB article in fact tells how to ENABLE telemetry in places using proxy servers. This is to provide reporting directly to Microsoft for those enterprises which have support agreements instead of the more common method of collecting data locally and sending in email as instructed etc. There are organisations for which the security requirements do not allow telemetry to take place, but this is not necessary the rule.
      Other important software manufacturers like Citrix have used this method for few years by now.

    • #30945 Reply

      Da Boss

      Interesting. No, I didn’t know that. So NOW I understand why the admin community isn’t going absolutely bonkers over the snooping….

    • #30946 Reply

      AskWoody Lounger

      As like many others, we wait for the go ahead to install october security updates. But i still have september security Updates waiting for download. Would it be wise to go ahead and install those while we wait for the results for october updates. Im in B group

    • #30947 Reply


      I suppose one aspect is that many of the admins do not know what we already know here about the mechanisms in place for collecting data. Those who know, do not see it as politically dangerous as some of the private customers do and just apply the manufacturer’s recommendations within the limits provided by the security classification of their enterprise or organisation. The legislative aspects are delegated to those specialised in that area and if there is any breach in legislation, then it is between Microsoft or Citrix or any other similar software (Cloud) company and the legal team of the enterprise to sort out or if it of more general interest then the regulators are supposed to intervene. Certainly this is an idealised scenario, but this is how things appear to work in general.
      Like you, I am not able to understand all the legal aspects as I don’t have the required qualifications in that area.

    • #30948 Reply


      Maybe you know the answer, Woody. I have installed GWX Control Panel and am still on W7. But I think I am going to buckle (is that a word?): downloading individual updates from the Catalogue is a step too much for me (I know only a little more about pc’s than your avarage mother-in-law or neighbour). So I’ll give in to the monthly roll-ups. What are the chances of GWX Control Panel causing problems? Would it be wise to uninstall GWXCP all together? Hopefully you or one of the frequent contributers can supply an answer?

    • #30949 Reply

      Da Boss

      Yep, I gave the go-ahead on the September security updates a couple of weeks ago. If you feel comfortable picking them out, sure, install them.

    • #30950 Reply

      Anonymous User

      Now I know there are a lot of Windows 7 users here. I’m an 8.1 user by the way. I do have 7 on one machine. Which is a dual boot with 8.1. Anyways.

      I wanna ask all all my fellow 7 and 8.1 users. In 3 years when Windows 7 and 6-7 years when 8.1 support ends what are you guys going to do? Are you going to do? Are you going to remain on an unsupported OS just to avoid telemetry? Or if your computer dies and you need to get a new one. Or if you build a new one. Windows 7 SP1 and Windows 8.1 are going out of print on October 31.

      Also Intel’s upcoming Kaby Lake and AMD’s Zen CPUs won’t support Windows 7 or 8.1. They’re severely limiting your options here. Eventually if you want to keep using Windows you’re going to have to use Windows 10 and deal with telemetry.

      I remember some people saying they think Windows 7 would be the new XP in that support keeps getting pushed back. Wishful thinking. This is why they gave 10 away for free. To get as many people as they could into the new ecosystem and to avoid having another XP.

      I mean I feel this subject should be addressed. With 7 SP1, and 8.1 going out of print, with newer hardware having limited support (if you’re lucky) or no support for 7 & 8.1 what are you going to do? I just wanna put this out there for my fellow 7 and 8.1 users to think about. Because one day 7 will no longer get any updates, and one day 8.1 will no longer get any updates.

      If you want to avoid all of that stuff for as long as possible then anyone who is able to I encourage you to jump to 8.1 and get Classic Shell. That’ll give an extra 3 years before you’d have to deal with Windows 10.

      But right now both Windows 7 and 8.1 are still supported. But when support ends for them I encourage you guys to decide what you’re going to do from there.

    • #30951 Reply

      Da Boss

      Personally, I have my eye on Andromeda….

    • #30952 Reply

      Da Boss

      You don’t need GWX Control Panel. It’s outlived its usefulness. Microsoft isn’t ramming Win10 down anyone’s throat right now with a Get Windows 10 campaign. Instead, they’re moving on to the next big thing. Intimidation.

    • #30953 Reply

      Carl D

      You know – it’s really a shame that it seems most people don’t know how easy it is to set up a dual boot with, say, Windows 7 and Linux Mint.

      That way, they can keep Windows offline permanently and not have to deal with this seemingly never ending update nightmare from MS. No more security updates, telemetry updates and goodness knows what else MS will be trying to sneak in over the coming months and years.

      And, you’ll have no worries about having to deal with another GWX ‘campaign’ should it appear.

      I can’t speak for everyone else, of course. But, for me, life is too short to be having to deal with this BS day in, day out for the foreseeable future. I just want to enjoy using my PC without having to deal with MS’s shenanigans.

      Hey, maybe I should start up a business of my own – come see me and get Linux installed as a dual boot with your existing Windows 7 then keep 7 offline for good. I might become a millionaire in the next 12 months or so. lol.. just kidding.

    • #30954 Reply

      Da Boss

      I went to Macs when Win8 came out. Now I run Windows 7/8.1 in VMs mostly.

      What am I going to do….DELETE THE VMs!!!

      Or maybe a better OS will come along.

    • #30955 Reply


      Excellent post ๐Ÿ™‚

    • #30956 Reply

      Da Boss

      If we use abbodi’s method to get rid of DiagTrack, won’t MS just put it back with the next update? They don’t have to “take ownership” to make changes.

    • #30957 Reply

      Da Boss


    • #30958 Reply

      Anonymous User

      OS X does have some advantages. Such as it being more secure than Windows by miles. But I find Macs to be a bit over priced.

    • #30959 Reply

      Anonymous User

      You are right. But if you’re going to not use Windows online I’d probably argue that you should just delete it entirely. I personally like Xubuntu better, but Linux Mint is a solid starer OS for those getting into Linux.

    • #30960 Reply


      @ Woody and PHCano : what if there is no sign of DiagTrack on my Win 7 SP1 x64?

    • #30961 Reply


      RE: my lack of diagtrack on my 2009 win 7sp1x64—-I queried it and looked under services and it does not appear? What now?? This seems to be (once learned) viable temp out for now.

    • #30962 Reply


      I have Ubuntu Linux and Windows 7 set up as dual boot, with three hard drives. Drive 1 has Linux, drive 2 has Window, and drive 3 has my data.

      I have a SATA power switch controlling drives 1 and 2.

      When I want to switch from one to the other, I power the computer off, switch to the other drive, and power the computer on. Like magic, I am in the other OS. No fuss, no muss. And my data is always available, because it is on a separate, always-on hard drive.

      The one change I’ve had to make was as follows: At first, I had a space in the name of my data drive. This made it confusing to access in Linux. I took the space out of the drive name, and now everything works perfectly.

      I operate in Linux as much as possible. But there are a few things I haven’t yet got working in Linux, so for those situations, I switch to Windows. One of these days I will have all the bugs ironed out on the Linux side, and at that point I will abandon Windows.

    • #30963 Reply

      Da Boss

      Breathe a sigh of relief, and don’t worry about it. You successfully dodged whatever patches brought down the snooping.

    • #30964 Reply

      Da Boss

      Keep rubbing that lucky rabbit’s foot…

    • #30965 Reply

      David F
      AskWoody Plus

      Personally I’ll go to Linux and keep Win7 on a VM for anything I can’t run on Linux.

      My issue is less with telemetry and much more with the Cortana spyware which seems to be becoming central to Win10 and the enforced crap adverts on the desktop.

      I’m [not going to] pay for an O/S that’s going to put advertising garbage on my desktop.

      It seems to me that if you knowingly elect to give away control of your environment to another, you have effectively chosen slavery as someone else then dictates what you can see and do.

      That seems to be the direction Nedella is moving from his recent speeches, with MS having access to all personal information (he even wants health records).

      That’s where it’s going and that’s where I draw the line.

    • #30966 Reply


      Guess what I just found after installing a SECURITY ONLY patch on my test Win2012R2.


    • #30967 Reply


      @Anonymous User,

      “I mean I feel this subject should be addressed.”

      This subject has certainly been addressed in these discussion threads in the past.

      From your various posts today, it seems that you are a bit new around here and are assuming that you know more than you do about our past discussions.

      Everyone’s perspective is welcome, and new users are welcome, but please don’t underestimate the knowledge, perceptiveness, and thoughtfulness of the site’s established commenters/readers if you are only basing your opinions/statements on limited information.

    • #30968 Reply


      Yes, “buckle” is a word! You used it perfectly in your sentence.

    • #30969 Reply


      Run Linux with Windows (whatever version) as a VM with no virtual NIC going to the internet.

    • #30970 Reply


      Using Linux is not easy for many ordinary Windows customers, and it’s not that easy to learn about quickly if one doesn’t know much about computers and if one frankly doesn’t care about their nuts and bolts, except to use them as a means to various ends.

      There have been a number of comments here to this effect by computer-techie people who do know what they are doing and who use Linux themselves.

      It’s also not a complete replacement for Windows, depending on what programs one needs to use.

    • #30971 Reply

      Da Boss

      Which patch?

      The registry entry won’t do anything. Still, it shouldn’t be there.

    • #30972 Reply


      After a few months with Windows 10 I replaced it with Windows 8.1. I just wanted a stable and mature OS to use, and am now as happy as a pig in the proverbial. ๐Ÿ™‚ (Start8 replaced the Start Menu)

      6-7 years is way too long away to decide or know what to do with Windows 8.1 then. I’m hoping that Microsoft come to their senses before then and start fixing all the Windows 10 problems like (1) flaky, cumulative, bundled, forced updates, and (2) their obsession for new features to the detriment of fixing existing problems.

      Despite Microsoft’s FUD, I would bet on Windows 7 and 8.1 running fine on future Intel and AMD CPU families, except new CPU features would not be available to those OS’s. Did Intel revise their Skylake CPU’s after Microsoft caved in on the supposed W7/8.1 incompatibility? I think not, and W8.1 still runs fine. IMO, just more FUD from MS.

    • #30973 Reply


      That it’s there at all tells me more is coming. That it came in the security only tells me that they’re willing to sneak it in, however they can.

    • #30974 Reply

      Da Boss

      Time will tell…

    • #30975 Reply


      Don’t forget to install KB3177467 separately if it is offered.

    • #30976 Reply


      3-4 years is a long term in the current state of the Cloud and technology in general.
      There is little point to plan now, unless running true mission critical software which is never the case for home users.
      iPhone did not exist before 2007 and most people started using in 2008. See how it goes?

    • #30977 Reply


      Unlikely to become a millionaire, people who worry so much don’t have enough time left in the day to make money to pay you ๐Ÿ™‚

    • #30978 Reply


      What is the current best virtualisation host platform within Linux? Xen, KVM, VirtualBox?

    • #30979 Reply


      +1 ๐Ÿ™‚

    • #30980 Reply


      @pkcano I suggested elsewhere a lighter implementation, suitable for everyone, which is just to stop and disable the DiagTrack service which is part of that script. The registry keys associated don’t need to be deleted as they would take effect only if the service is restarted by something external, which could be a patch, but in that case we would all be aware of that.
      I don’t doubt that abbodi’s method is 100% accurate, but it may be just too much for most users who would not understand it and feel like losing control over what is done by the script.

    • #30981 Reply


      It could be back only if the telemetry component is updated with new version

      anyway, one can simply execute the commands after each rollup install, just in case ๐Ÿ˜€

    • #30982 Reply


      It’s in my registry as well, despite the fact that I bypassed all GWX intrusions by recovering from an OS back-up I made of Win7 in March 2015. From there on, I made sure not to install any known GWX Windows Updates. They must’ve snuck it in prior to March 2015. This is all really very discouraging. Meanwhile, MS is laughing their heads off. I’m not amused! Perhaps it’s time to ditch Windows altogether.

    • #30983 Reply

      Da Boss

      Did you look under ProgramDataMicrosoft? Did you look at the Registry entries? It’s there!!!

    • #30984 Reply


      If it’s there, then it comes from WU client itself, few left tracks of upgrade offer

      fuuny that i installed the Monthly and Preview Rollup and don’t have it ๐Ÿ˜‰

      Microsoft made it clear in KB2952664 article, there is no other GWX or upgrade campaign

    • #30985 Reply

      Da Boss


    • #30986 Reply


      AutoLogger key specifically needs to be removed
      Event Trace Session will function even if the service is disabled

    • #30987 Reply


      You don’t have one of the KB3068708 or KB3080149 installed.

    • #30988 Reply


      Thanks ๐Ÿ™‚

    • #30989 Reply

      Anonymous User

      Yes I am new here. So please forgive me.

    • #30990 Reply


      Checked my Services (Win 7 SP1) and all I find are:
      Diagnostic Policy Service
      Diagnostic Service Host
      Diagnostic System Host

      Is the “Diagnostic Policy Service” just a different name for “Diagnostic Tracking Service” as mentioned in the InfoWorld article? Which, if any, of the above services are OK to disable?

    • #30991 Reply


      Is that the same Andromeda being developed by Google? The same Google that does no evil and certainly wouldn’t have telemetry anywhere?
      Talk about out of the frying pan…

    • #30992 Reply

      Da Boss

      Yep. One and the same.

      Don’t forget – I use Windows 10, and I’ve come to terms, personally, with the snooping.

    • #30993 Reply

      Da Boss

      None of those are the Diagnostic Tracking Service. I wouldn’t disable any of them.

    • #30994 Reply

      Da Boss

      You’re most welcome – but realize that you’re rubbing elbows with people who’ve been around quite a few fire hydrants.

    • #30995 Reply


      You could review the posts on this site over the last year and the poll would indicate a large number of Win 7 users planning to keep one computer using Win 7 offline and another using Linux or some other OS for online access.

      Whether these users–count me among them–are actually prepared to suck it up and make this strategy work is a good question.

    • #30996 Reply


      They are all part of the original Windows 7 distribution.

    • #30997 Reply

      Da Boss

      I find pointers to DiagTrack all over – ProgramData, Registry.

      I find Diagnostic Policy Service, Diagnostic Service Host Service. Diagnostic System Host Service, but no DiagTrack Service.

      I have hidden KB3021919, 3068708, 3080149 and 2952664 – they’ve never been installed.
      Does that explain it?

    • #30998 Reply


      Also, just scanned my computer for diagtrack.dll — looks like I’m clean. Thanks.

    • #30999 Reply


      I am lost here… ๐Ÿ™‚ Only abbodi86 can make order in this mess ๐Ÿ™‚

    • #31000 Reply



      Are you saying that everyone has this, or just that you know that Brian in particular would have this?

      I don’t have diagtrack in programdata/microsoft or in services.

    • #31001 Reply



      I am not quite sure what that phrase means (“people who have been around quite a few fire hydrants”), but it sounds a little unsavoury!

      Is that like doggies on their daily neighborhood walk? :-O

      I am a female, so… err…
      though I did once see a senior-citizen lady in a public square at the side of a church in southern Europe squat right down and obtain some relief, about 20 feet from the outdoor cafe table I was sitting at….

    • #31002 Reply


      How would I look for it in the registry?

    • #31003 Reply


      Where in ProgramData exactly?

      as for registry, DiagTrack is a common word that might be used by other components

      nonetheless, did you installed Convenience Rollup KB3125574?

    • #31004 Reply

      Old Dog


      Thank you for the info.

      If any GWX registry items found, should one just delete them ?

    • #31005 Reply

      Da Boss

      You lead a… diverse… life.

    • #31006 Reply

      AskWoody Lounger

      You two are both a hoot!!!!!!!!!!!!!!! ๐Ÿ™‚

      The mind boggles at the scenario you just painted….

      (If I could only add a graphic here that would
      illustrate the below…….. you would have made my day!!!)

      You just made me ‘splash’ all over my monitor! LT

    • #31007 Reply

      Da Boss


    • #31008 Reply

      Da Boss

      Did not install KB3125574. These are old installations (several years) that I blocked GWX, telemetry, and compat patches since the beginning of GWX (see my “big” list elsewhere on AskWoody). Specifically still blocked the four mentioned above.

    • #31009 Reply

      Da Boss

      Follow the links in abbodi’s removal script. Even I don’t have the DiagTrack Service, reference is made in other places.

      Like ch100 says, running those commands is a drastic method “too much for most users” and he recommends stopping and disabling the Service.

      But if MS puts the entries back with the next rollup, maybe you have to keep stopping the Service or reusing the script?

    • #31010 Reply


      Question: Will the upcoming telemetry and snooping for Windows 7 that everyone is anticipating and discussing affect what a user experiences in normal day-to-day use of a Windows 7 system?

      Former Windows 7 users who now use Windows 10 might have a helpful perspective of this question.

    • #31011 Reply

      Da Boss

      Good question. Not yet, as far as I can tell, but you should expect changes in Bing-related stuff. We might even see advertising in Win7 at some point – perhaps not unlike the “Get Windows 10” campaign.

      First, MS needs to collect the data.

    • #31012 Reply


      Yes, it would not hurt

    • #31013 Reply


      Well, that etl file is created only (and only )if one of the updates were installed: KB3068708, KB3080149, KB3125574, and the new KB3192403

    • #31014 Reply

      Old Dog


      Thank you.

    • #31015 Reply



      The last 2 commands in the list you posted, namely:

      del /f /q %ProgramData%MicrosoftDiagnosis*.rbs

      del /f /q /s %ProgramData%MicrosoftDiagnosisETLLogs*

      are rejected for lack of permission to access the Diagnosis folder.

      Any solution to this?

    • #31016 Reply

      Gary Karasik

      I never imagined I’d be nostalgic for the old Microsoft.


    • #31017 Reply

      Da Boss


    • #31018 Reply

      Jim in Yakima

      By default (Win 7 x64), that folder is indexed. So, if indexing for your drive is on (again, it is by default), the service may protest. Turning off indexing for that folder may allow quick deletion. I’ve seen it before. Also, have had to change folder permissions before I could zap whatever it was, on other occasions.

      All in the “Properties” 5-tab window (need to have admin rights).

    • #31019 Reply


      Take ownership of the folder and propagate permissions. Or, without changing any permission, better log in as the Administrator – the first one, named as such and run the commands.
      This method is too involved for the regular users and even for some power users, this is why I was looking into only stopping services, but it appears not to be enough.

    • #31020 Reply

      Jim in Yakima

      “A third group, Group W, doesnโ€™t want anything from Microsoft — no patches, no security updates, nada. I donโ€™t recommend that you sit on the Group W bench, but it can be understood given changes Microsoft has made to Win7 and 8.1 machines, without our permission, in the past.”

      “Microsoft has a history of mixing security and nonsecurity patches in arbitrary ways. …”

      The new “method” adds another level of complexity, while minimizing user choices. The change itself wasn’t borne by user demand. Will allow updates for Office and (once somewhat vetted) .NET. Otherwise it’s gimee a “W” for now at least.

      I would be interested in learning from those who were in group “W” before there was a group “W”: Any maladies/disasters as a result?

    • #31021 Reply


      Do you have KB2882822 installed? It is one of the pre-requisites to IE11, replaced by KB3080149.
      Update adds ITraceRelogger interface support to Windows Embedded Standard 7 SP1, Windows 7 SP1 and Windows Server 2008 R2 SP1

      This sounds like ETL to me, but I didn’t test.

    • #31022 Reply


      I was searching M$ for telemetry issues, and found this article in TechNet that explains a lot about telemetry in Win 7, Win 8.1, and Win 10. It’s a year old, but gives more information than I’ve found anywhere else I’ve looked. Explains a lot.

    • #31023 Reply

      Da Boss

      Good one.

    • #31024 Reply


      Don NOT install KB3177467 – it can’t be uninstalled and prepares Windows 7 for a takeover to the “windows 10” Update System. With that in place, you can’t install or uninstall single updates anymore, you simply get all updates if you want them or not!

      I was able to successfully remove it with a rather complicated protocol (sorry, not in english) and that did the trick, but you should NEVER install that crap and put it on your “ban list”.

      Microsoft is dead for me, I’m going with Linux next. The can **** themselves!

    • #31025 Reply

      Jim in Yakima

      From the “Retention” section of that article:

      “Microsoft believes in and practices information minimization, so we only gather the info we need …”

      I think they left out the dissemination part. The “you’re on a need-to-know basis, and the less you know the better.”

      Likening the use of telemetry to “gathering”. More laughter. s/b “hunters-gatherers”.

      A lengthier version of the article is below. It includes description of what telemtry is and is not. [someone wrote it, so it’s there]
      Also includes descripton of the MSRT role: “The MSRT infection report contains information, including device info and IP address.” [same guy who wrote the other stuff]

    • #31026 Reply

      Da Boss
    • #31027 Reply

      AskWoody Lounger

      I am logged in as admin

    • #31028 Reply

      Jim in Yakima

      There is contrast. The link you posted offers less info on data collection than the one I “hunted”.

      Your link under “Full”:
      “Full includes everything in Basic and Enhanced levels, plus additional diagnostic data including the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a document you were using when a problem occurred). It also turns on advanced diagnostic features that can collect additional data from your device, which helps us further troubleshoot and fix problems. When we learn that devices are experiencing problems that we have trouble diagnosing or replicating internally, we will randomly select a small number of devices from those at the Full level that are experiencing those problems from which to gather the data needed to diagnose and fix the problem (including user content that may have triggered the issue). If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you. Full is the recommended option for the best Windows experience and the most effective troubleshooting.”

      My “hunted” link under “Full”:
      “The Full level gathers data necessary to identify and to help fix problems, following the approval process described below. This level also includes data from the Basic, Enhanced, and Security levels.

      Additionally, at this level, devices opted in to the Windows Insider Program will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing. These events help us make decisions on which builds are flighted. All devices in the Windows Insider Program are automatically set to this level.

      If a device experiences problems that are difficult to identify or repeat using Microsoftโ€™s internal testing, additional data becomes necessary. This data can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the Full telemetry level and have exhibited the problem.

      However, before more data is gathered, Microsoftโ€™s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:

      – Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.

      – Ability to get registry keys.

      – All crash dump types, including heap dumps and full dumps.”

      “Additionally, at this level, devices opted in to the Windows Insider Program will send events, such as reliability and app responsiveness. that can show Microsoft how pre-release binaries and features are performing.”

      I’m not yet of the pre-release binary set, yet, I think. Pretty sure I didn’t check that box.

      No mention of the insider program or use of diagnostic tools in your article link, which is interesting. The language in both is much the same, but seems likely the article you cite is older (it shows no date). The one I found is dated 9/16/2016. Seems a matter of updated info.

      Love the assertion that Win 10 is a “performant product”.

    • #31029 Reply


      Did you executed the commands as administrator?
      the “takeown” and “icacls” are supposed to gives you the required permission

    • #31030 Reply


      Nope, that Autologger-Diagtrack-Listener.etl is created by those updates only

    • #31031 Reply


      A takeover? Dear Lord ๐Ÿ˜€

      it’s a normal servicing stack update
      you can install first on a clean system with no updates, and you can still install/uninstall individual updates

      OK, Godspeed ๐Ÿ™‚

    • #31032 Reply


      Excellent. I read few more of those articles and white papers, but although all confirm pretty much the same Microsoft destination servers and settings which can be configured, by reading more of them it helps a lot to understand the intentions and to see the full picture.
      Maybe it should be noticed that Windows Update in Windows 10 contributes to telemetry, unless the Data Collection is configured to Security (available only in Enterprise and Education editions) and the updating server is an internal server (WSUS, SCCM).

    • #31033 Reply


      … and Microsoft used to do the same, until they changed their advice to disable CEIP only, in Control Panel (Action Center) or in Group Policy.
      You have there the third patch that tends to go under the radar as it is retired and which can cause the installation of that service, KB3022345. KB2882822 may have a contribution, although it tends not to be mentioned anywhere, being officially pre-requisite for IE11.
      If KB2952664 is installed, then the 3 scheduled tasks mentioned by abbodi86 should be disabled.
      I think this is good enough to keep it simple and block the communication home, although it seems that Windows will still write on disk while the other components from the script are not removed.
      I also think that this discussion, while very interesting for understanding a lot about how Windows works and updates behind the scenes, is largely academic and time-consuming for the non-technical audience, as the effects are not as damaging as some of our posters assume.

    • #31034 Reply


      Sneak what on Windows 2012R2?

    • #31035 Reply


      KB3021917 – released February 2015?

    • #31036 Reply



    • #31037 Reply


      Then maybe the retired KB3022345 was installed and forgotten. It should do very much the same like KB3068708, less the sfc bug.

    • #31038 Reply

      Da Boss

      @abbodi @ch100

      No to KB3068708, 3080149, 3125574, and 3192403.

      KB2882822 installed 11/20/14. That was before all this telemetry stuff became a public hoorah. suspicious file list.

      I read in one of the comments that command line removal method runs into a problem with folder ownership. Will using an eleveted command prompt take care of this? Or maybe not adding the /A in the takeown command so ownership reverts to the current user? Or do you need to manually take ownership?

    • #31039 Reply

      Da Boss

      See below

    • #31040 Reply

      Da Boss

      See below

    • #31041 Reply


      All commands must be executed in elevated command prompt

      Administrator group is better

    • #31042 Reply


      Yes, could be
      i forgot about that withdrawn update

    • #31043 Reply

      Da Boss

      Don’t have KB3022345 installed either. The only one I have is KB2882882. That must be it.

    • #31044 Reply

      Da Boss

      D2882882on’t have any of these or KB3022345 (it was on my block list). Must be KB2882882.

    • #31045 Reply


      All permission issues should be resolved by running as the built-in user named Administrator which is not subject to the normal UAC restrictions.
      With UAC disabled in Windows Vista and 7, any user in the Administrators group is equal.

      Starting with Windows 8, there is an extra step required to completely disable UAC, but that would disable access to Store applications.

    • #31046 Reply


      No, it has nothing to do with it
      it was even exist before the whole telemetry system is created

    • #31047 Reply


      If you want to be truly sure you didn’t install any of the updates, check this file (search for each update KB number)

    • #31048 Reply


      abbodi86 knows this stuff better. I mentioned KB2882822 only because it is superseded by KB3080149, but it is likely that KB3080149 does the other things like telemetry in addition to the superseded components of KB2882822.

    • #31049 Reply


      You mean “HKEY_LOCAL_MACHINESYSTEMCurrentControlSet” NOT “HKEY_LOCAL_MACHINESYSTEMControlSet001”. Remember for all you know “HKEY_LOCAL_MACHINESYSTEMControlSet002” is the primary one is use on my PC. 001 could be the backup.

    • #31050 Reply


      What will I do when support for 7 ends in 3 years?

      I don’t know. Ask me in 3 years!

      Windows 10 in its current form is not an option. It doesn’t exist to me; it’s like the tooth fairy or a unicorn… something we can talk about or discuss, but not something I will ever see.

      When Win 10 first came out, I tried it… and I could see this was nothing I was interested in using. I restored one of my backups (I made two on separate external HDDs first) and went back to 7.

      For months, I monitored 10 on my test PC, thinking that surely MS will come to its senses and make 10 into something people would actually want (as opposed to having to be tricked to install it even when it’s free). Four years (at that point, the time left on 7) was a long time, after all; that is a lot of time for Windows 10 to evolve.

      As months passed, it became evident that MS had no intention of returning to a paradigm where the goal was to serve the customer rather than own him. Windows 10 got worse, not better, as MS usurped more and more control over its victims’ PCs.

      I wiped 10 from the test PC. There was nothing more to be learned about it. That was also when I decided to put Linux on my main PC as a dual-boot (I’d had it as a dual-boot option on the test PC) to accelerate the familiarization process and enable a gradual transition. I decided upon Mint Cinnamon after trying several distros and desktop environments.

      I learned quite a bit about Linux, and I’ve migrated most of my stuff over. I then did the same for my laptop, which now functions flawlessly with Mint (everything on it works, including the wireless button/LED and the fingerprint reader). I know now that I can survive without Microsoft. I’d have preferred to keep using Windows, but MS just made that impossible for me.

      I can’t say whether I will transition to Linux completely or if I will keep Windows around for the odd task I may need it for, and if I do, what form it will be in. I just know that if 10 is anything like it is now, that ain’t gonna be it.

    • #31051 Reply


      ControlSet001 = CurrentControlSet

    • #31052 Reply

      Gary Karasik

      Bravo! Just what I was thinking, but much more articulately stated.

      I would add that, unless Microsoft does something deliberately to sabotage it (unfortunately not out of the realm of possibility), there will be no reason to leave Win7 just because Microsoft stops supporting it. It will still run, and there’s no reason to think hackers will target it when the more-interesting targets will be running Win10 or whatever it calls itself then.

      I’m still running XP and Server 2003 machines that are perfectly adequate for what they do, and with a little extra security work, are perfectly safe.


    • #31053 Reply


      In 99% of the situations yes, but now always.
      It is a common mistake done sometimes even by the most experienced system engineers.
      The correct one is as Bob?… says.

    • #31054 Reply


      Yep, both of you are correct actually ๐Ÿ™‚
      ControlSet001 doesn’t always map to CurrentControlSet

      i tend to use ControlSet001, becuase when doing offline registry mods, CurrentControlSet don’t exist

    • #31055 Reply


      Winblows Update is disabled on all our hardware. Spycro$oft got replaced with Linuxmint, the few which require it, are patched minus the spycrap and offline. Google “Block Windows” script. Run it. Take a breath.

      Screw this company.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft plans to roll out major extensions to its Diagnostic and Telemetry service in November

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.