# DSC configuration that writes a fixed set of registry values on the local
# node, grouped as: telemetry/data collection, location, search/Cortana,
# "security", consumer content delivery, NVIDIA telemetry and thumbnail caching.
# After the Configuration block the script compiles it to a MOF under
# "\temp\DSC\TelemetryPrivacySecurity" and pushes it with Start-DscConfiguration.
#
# NOTE(review): many resources target HKCU:. The DSC Local Configuration Manager
# normally runs as the SYSTEM account, so unless a resource is given a user
# context (e.g. PsDscRunAsCredential) those values are presumably written to
# that account's hive and not to the interactive user's - confirm on a target
# machine before relying on any HKCU setting below.
#
# NOTE(review): the "SECURITY" section does not harden the host; it switches
# off SmartScreen, the Edge phishing filter and the admin UAC consent prompt,
# and relaxes attachment handling. Each of those is annotated where it occurs.
Configuration TelemetryPrivacySecurity {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost {
        # === TELEMETRY & DATA COLLECTION ===

        # Disable Windows Telemetry (policy key, MaxTelemetryAllowed, and the
        # non-policy DataCollection key)
        Registry DisableTelemetry1 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
            ValueName = "AllowTelemetry"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableTelemetry2 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
            ValueName = "MaxTelemetryAllowed"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableTelemetry3 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
            ValueName = "AllowTelemetry"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Disable Application Compatibility Telemetry
        Registry DisableAppCompatTelemetry {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat"
            ValueName = "AITEnable"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Disable Edge UI MFU Tracking
        Registry DisableEdgeMFUTracking {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\EdgeUI"
            ValueName = "DisableMFUTracking"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Disable TIPC (Text Input Panel Component)
        Registry DisableTIPC {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Input\TIPC"
            ValueName = "Enabled"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Disable System Instrumentation (machine and user Explorer policy keys)
        Registry DisableInstrumentation1 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
            ValueName = "NoInstrumentation"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableInstrumentation2 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
            ValueName = "NoInstrumentation"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Disable Handwriting Error Reports
        Registry DisableHandwritingErrorReports {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports"
            ValueName = "PreventHandwritingErrorReports"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Disable Input Personalization Data Collection
        Registry DisableImplicitInkCollection1 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\InputPersonalization"
            ValueName = "RestrictImplicitInkCollection"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableImplicitInkCollection2 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
            ValueName = "RestrictImplicitInkCollection"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableImplicitTextCollection {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization"
            ValueName = "RestrictImplicitTextCollection"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableHarvestContacts {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore"
            ValueName = "HarvestContacts"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisablePrivacyPolicy {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Personalization\Settings"
            ValueName = "AcceptedPrivacyPolicy"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableLinguisticDataCollection {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput"
            ValueName = "AllowLinguisticDataCollection"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableFeedbackNotifications {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
            ValueName = "DoNotShowFeedbackNotifications"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableDeviceNameTelemetry {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection"
            ValueName = "AllowDeviceNameInTelemetry"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Disable Error Reporting (native and WOW6432Node views of the same key)
        Registry DisableErrorReporting1 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting"
            ValueName = "DoReport"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableErrorReporting2 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting"
            ValueName = "ShowUI"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableErrorReporting3 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting"
            ValueName = "DoReport"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableErrorReporting4 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting"
            ValueName = "ShowUI"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableStorageTelemetry {
            Ensure = "Present"
            Key = "HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl\StorageTelemetry"
            ValueName = "DeviceDumpEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Account notifications, connected-user policy and the post-setup
        # engagement prompt (grouped here by value name; the source gives no
        # description for these four).
        Registry DisableAccountNotifications1 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications"
            ValueName = "DisableAccountNotifications"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableAccountNotifications2 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
            ValueName = "Start_AccountNotifications"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableConnectedUser {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
            ValueName = "NoConnectedUser"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableScoobeSystemSetting {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement"
            ValueName = "ScoobeSystemSettingEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }

        # === PRIVACY & LOCATION SERVICES ===

        # Disable Location Services: service configuration plus "Deny" consent
        # entries for the machine, the user, non-packaged apps and two named
        # app packages.
        Registry DisableLocationService {
            Ensure = "Present"
            Key = "HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration"
            ValueName = "Status"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableLocationMachine {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
            ValueName = "Value"
            ValueType = "String"
            ValueData = "Deny"
        }
        Registry DisableLocationUser {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location"
            ValueName = "Value"
            ValueType = "String"
            ValueData = "Deny"
        }
        Registry DisableLocationNonPackaged {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\NonPackaged"
            ValueName = "Value"
            ValueType = "String"
            ValueData = "Deny"
        }
        Registry DisableLocationCamera {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.WindowsCamera_8wekyb3d8bbwe"
            ValueName = "Value"
            ValueType = "String"
            ValueData = "Deny"
        }
        Registry DisableLocationOverride {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CPSS\Store\UserLocationOverridePrivacySetting"
            ValueName = "Value"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableLocationWeather {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\Microsoft.BingWeather_8wekyb3d8bbwe"
            ValueName = "Value"
            ValueType = "String"
            ValueData = "Deny"
        }

        # === SEARCH & CORTANA ===

        # Disable Bing Search
        Registry DisableBingSearch {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
            ValueName = "BingSearchEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableSearchBoxSuggestions {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
            ValueName = "DisableSearchBoxSuggestions"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Disable Cloud Search
        Registry DisableCloudSearch {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
            ValueName = "AllowCloudSearch"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Disable Cortana
        Registry DisableCortana1 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
            ValueName = "AllowCortana"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableCortana2 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search"
            ValueName = "AllowCortanaAboveLock"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableCortana3 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
            ValueName = "CortanaEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableCortana4 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search"
            ValueName = "CortanaConsent"
            ValueType = "DWord"
            ValueData = "0"
        }

        # === SECURITY ===
        # NOTE(review): every resource in this section except NoActiveHelp
        # lowers a protection rather than raising one. Treat the section as a
        # list of accepted risks that need an owner and a compensating control.

        # Disable SmartScreen
        # NOTE(review): "Off" removes the reputation check Explorer applies to
        # downloaded executables. Nothing else in this file replaces it.
        Registry DisableSmartScreen {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
            ValueName = "SmartScreenEnabled"
            ValueType = "String"
            ValueData = "Off"
        }
        # NOTE(review): the key sits under the microsoft.microsoftedge_8wekyb3d8bbwe
        # AppContainer storage path, i.e. the packaged Edge app; presumably it has
        # no effect on Chromium-based Edge - confirm which browser is deployed.
        Registry DisableEdgePhishingFilter {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter"
            ValueName = "EnabledV9"
            ValueType = "DWord"
            ValueData = "0"
        }

        # Disable Active Help
        Registry DisableActiveHelp {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Assistance\Client\1.0"
            ValueName = "NoActiveHelp"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Configure Zone Information for attachments
        # NOTE(review): for the Attachment Manager policy, SaveZoneInformation = 1
        # is the "do not preserve zone information" setting (2 preserves it), so
        # saved attachments lose their Zone.Identifier / Mark-of-the-Web and the
        # checks that depend on it no longer trigger - verify this is intended.
        Registry SaveZoneInformation {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
            ValueName = "SaveZoneInformation"
            ValueType = "DWord"
            ValueData = "1"
        }
        # NOTE(review): classifies .zip, .rar and .7z archives as low risk, so
        # Attachment Manager does not prompt before opening them. Archives are a
        # common malware container; consider dropping this list.
        Registry LowRiskFileTypes {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments"
            ValueName = "LowRiskFileTypes"
            ValueType = "String"
            ValueData = ".zip;.rar;.7z"
        }

        # Configure Trusted Sites
        # NOTE(review): in ZoneMap the value data is the zone number; 1 is
        # "Local intranet" and 2 is "Trusted sites", so these two entries map the
        # hosts to the intranet zone despite the heading. The "*" value name
        # covers every protocol, plain HTTP included. IP addresses are normally
        # registered under ZoneMap\Ranges rather than ZoneMap\Domains, so the
        # 192.168.100.5 entry may not take effect - confirm on a target machine.
        Registry TrustedSite1 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\192.168.100.5"
            ValueName = "*"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry TrustedSite2 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\callisto.andrewspolytechnic.com"
            ValueName = "*"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Disable UAC prompts for Admin
        # NOTE(review): ConsentPromptBehaviorAdmin = 0 is "elevate without
        # prompting": any process started by an administrator in Admin Approval
        # Mode can obtain a full token with no visible consent step. Combined
        # with SmartScreen off and zone information stripped above, a downloaded
        # file reaches elevation with no interactive checkpoint.
        Registry DisableUACPrompt {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
            ValueName = "ConsentPromptBehaviorAdmin"
            ValueType = "DWord"
            ValueData = "0"
        }

        # === CONSUMER FEATURES & CONTENT DELIVERY ===

        # Disable Windows Consumer Features
        Registry DisableConsumerFeatures {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent"
            ValueName = "DisableWindowsConsumerFeatures"
            ValueType = "DWord"
            ValueData = "1"
        }

        # Disable Content Delivery Manager Features
        Registry DisableSilentInstalledApps {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
            ValueName = "SilentInstalledAppsEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableSubscribedContent {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
            ValueName = "SubscribedContent-338388Enabled"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableOemPreInstalledApps {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
            ValueName = "OemPreInstalledAppsEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisablePreInstalledApps {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager"
            ValueName = "PreInstalledAppsEnabled"
            ValueType = "DWord"
            ValueData = "0"
        }

        # === NVIDIA TELEMETRY ===
        Registry DisableNvidiaOptIn {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\NVIDIA Corporation\NvControlPanel2\Client"
            ValueName = "OptInOrOutPreference"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableNvidiaRID1 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
            ValueName = "EnableRID44231"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableNvidiaRID2 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
            ValueName = "EnableRID64640"
            ValueType = "DWord"
            ValueData = "0"
        }
        Registry DisableNvidiaRID3 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\NVIDIA Corporation\Global\FTS"
            ValueName = "EnableRID66610"
            ValueType = "DWord"
            ValueData = "0"
        }
        # Start = 4 is the service-control "disabled" start type.
        Registry DisableNvTelemetryContainer {
            Ensure = "Present"
            Key = "HKLM:\SYSTEM\CurrentControlSet\Services\NvTelemetryContainer"
            ValueName = "Start"
            ValueType = "DWord"
            ValueData = "4"
        }

        # === DISABLE THUMBNAILS ON NETWORK ===
        Registry DisableThumbsDB1 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows"
            ValueName = "DisableThumbsDBOnNetworkFolders"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableThumbsDB2 {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
            ValueName = "DisableThumbsDBOnNetworkFolders"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableThumbsDB3 {
            Ensure = "Present"
            Key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer"
            ValueName = "DisableThumbsDBOnNetworkFolders"
            ValueType = "DWord"
            ValueData = "1"
        }
        Registry DisableThumbnailCache {
            Ensure = "Present"
            Key = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
            ValueName = "NoThumbnailCache"
            ValueType = "DWord"
            ValueData = "1"
        }
    }
}

# Generate the MOF file
# NOTE(review): the path has no drive qualifier, so it resolves against the
# root of whatever drive is current when the script runs. The MOF is later
# applied with machine-level rights; keep this directory writable by
# administrators only so the compiled document cannot be swapped before apply.
TelemetryPrivacySecurity -OutputPath "\temp\DSC\TelemetryPrivacySecurity"

# Apply the configuration
# -Wait blocks until the run finishes, -Verbose streams per-resource output,
# and -Force replaces any configuration operation already pending on the node.
Start-DscConfiguration -Path "\temp\DSC\TelemetryPrivacySecurity" -Wait -Verbose -Force