@AndrewBelt
Last active January 26, 2024 14:06

Configuring Windows 10 with better privacy, performance, control, and fewer annoyances

As a reasonable computer user, I expect my operating system to not:

  1. send telemetry without my consent. Windows sends Microsoft a massive amount of personal data. [1] [2] [3] [4]
  2. update without my consent. Auto-updating is equivalent to a third party being able to execute code remotely on my machine where I store private data. Even if an update is not malicious, updates change functionality, and I only want software to change if I know what will change and decide that I want it.
  3. tell me what I can or can't run on my computer. Apple does this way more than Microsoft, by preventing iOS apps from being installed unless the device is jailbroken, or by making it difficult for users to run Mac apps that haven't been approved and cryptographically signed by Apple. But Windows does this in some cases too, through Windows Defender false positives or app permissions, and it's likely they will adopt some of Apple's behavior in the future.
  4. consume extensive computing resources at no gain to the user. Downloading updates consumes lots of bandwidth that can interfere with video calls or data plans. Installing updates and collecting telemetry can consume disk bandwidth and CPU that can interfere with the responsiveness of programs you are using. Monitoring services running in the background can consume RAM and interfere with real-time audio software when the OS wakes up the services' threads.
  5. restart without my consent. It wastes time if I need to use my computer while it's restarting. It automatically closes open programs, which can potentially delete unsaved program state. It interrupts idle jobs such as rendering 3D video overnight.
  6. advertise to me. I don't like adware on my computer, simple as that. This is what the default Windows start menu looks like.
  7. [placeholder for another "sin" once I think of something else]

I call these the Seven Deadly Sins of Modern Operating Systems. If Linux works for you, use it. But sometimes you need to use Windows for games, CAD, music production, art, and Windows software development. This guide shows you how to make Windows better by attempting to fix the above bullet points. It's far from perfect, but it's also far from how bad Windows is by default.

Installing

If your organization has access to Windows Enterprise LTSC, use it. Otherwise, buy Windows Home, Pro, or Enterprise and run https://github.com/Sycnex/Windows10Debloater after completing the steps in this guide.

Do not connect to the Internet until you complete all steps in this guide. When installing Windows, disable all checkmarks regarding privacy. (TODO: Elaborate on when these choices appear.) (TODO: Explain how to set up a local user account to avoid logging into a Microsoft account.)

Configuring

Open Windows Settings (key command Super-I) and make the following changes.

  • Apps > Programs and Features: This opens the Windows 7-style uninstaller.
    • Uninstall all programs you don't need.
    • Turn Windows features on or off: Uncheck everything you don't need.
    • View installed updates: Remove all updates.
  • Update & Security > Windows Security > Virus & threat protection > Virus & threat protection settings > Manage settings: Turn everything off.
  • Privacy > General: Turn everything off.
  • Privacy > Diagnostics & feedback: Turn everything off.
  • Privacy > Activity history: Turn everything off.

Open the Group Policy Editor (Super-R, type gpedit.msc) and make the following changes. (TODO: I think Windows Home doesn't have this, so add section on equivalent registry entries.)

  • Computer Configuration / Administrative Templates / Windows Components
    • Windows Update
      • Configure Automatic Updates: Disabled
      • Allow Automatic Updates immediate installation: Disabled
      • Enabling Windows Update Power Management...: Disabled
      • There are possibly improvements to be made here.
    • Windows Defender Antivirus
      • Turn off Windows Defender Antivirus: Enabled
      • Real-time Protection
        • Turn off real-time protection: Enabled
        • Turn on behavior monitoring: Disabled
        • Scan all downloaded files and attachments: Disabled
        • Monitor file and program activity on your computer: Disabled
        • Turn on process scanning...: Disabled
    • Data Collection and Preview Builds
      • Allow Telemetry: Enabled, set to "0 - Security" (Possibly only works on Windows Enterprise?)

Restart so that all Microsoft services load these new settings.
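
To confirm after the restart that the policies actually landed, the following read-only PowerShell check (an added example, not part of the original gist) reads the registry values that back most of the Group Policy settings listed above and then asks Defender for its effective state. The function name `Get-PolicyState` is hypothetical; the value names are the standard policy-backed ones under `HKLM\SOFTWARE\Policies\Microsoft`, and settings not listed in the table are simply not checked.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated PowerShell prompt.
$p   = 'HKLM:\SOFTWARE\Policies\Microsoft'
$rtp = "$p\Windows Defender\Real-Time Protection"

# One row per Group Policy setting from the list above: backing key, value name, expected data.
$checks = @(
    @{ Setting = 'Configure Automatic Updates: Disabled'; Key = "$p\Windows\WindowsUpdate\AU"; Name = 'NoAutoUpdate'; Want = 1 }
    @{ Setting = 'Turn off Windows Defender Antivirus: Enabled'; Key = "$p\Windows Defender"; Name = 'DisableAntiSpyware'; Want = 1 }
    @{ Setting = 'Turn off real-time protection: Enabled'; Key = $rtp; Name = 'DisableRealtimeMonitoring'; Want = 1 }
    @{ Setting = 'Turn on behavior monitoring: Disabled'; Key = $rtp; Name = 'DisableBehaviorMonitoring'; Want = 1 }
    @{ Setting = 'Scan all downloaded files and attachments: Disabled'; Key = $rtp; Name = 'DisableIOAVProtection'; Want = 1 }
    @{ Setting = 'Monitor file and program activity: Disabled'; Key = $rtp; Name = 'DisableOnAccessProtection'; Want = 1 }
    @{ Setting = 'Turn on process scanning...: Disabled'; Key = $rtp; Name = 'DisableScanOnRealtimeEnable'; Want = 1 }
    @{ Setting = 'Allow Telemetry: 0 - Security'; Key = "$p\Windows\DataCollection"; Name = 'AllowTelemetry'; Want = 0 }
)

function Get-PolicyState {   # hypothetical helper name
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        $actual = $null
        if (Test-Path -LiteralPath $c.Key) {
            # Returns $null when the value is absent, without raising an error.
            $actual = (Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        }
        $state = if ($null -eq $actual) { 'not set' } elseif ($actual -eq $c.Want) { 'matches guide' } else { 'differs' }
        [pscustomobject]@{ Setting = $c.Setting; Value = $c.Name; Actual = $actual; State = $state }
    }
}

Get-PolicyState -Checks $checks | Format-Table -AutoSize | Out-String

# A policy value is only a request, so also report what Defender says it is doing.
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AntivirusEnabled, RealTimeProtectionEnabled, BehaviorMonitorEnabled, IsTamperProtected |
        Format-List | Out-String
} catch {
    "Get-MpComputerStatus unavailable: $($_.Exception.Message)"
}
```

A row reported as `not set` means the policy never reached the registry; a row that matches while `Get-MpComputerStatus` still shows protection enabled means the value was written but not honoured.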

Download https://www.encrypt-the-planet.com/downloads/hosts and save it to C:\Windows\System32\Drivers\etc\ to block most Windows telemetry. Note that if you don't disable Windows Defender, it will try to prevent you from downloading this file. This step only blocks telemetry sent to domain name destinations. Windows sends some telemetry directly to IP addresses, which only a firewall can block.
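
Because the hosts file comes from a third-party site and is written into a system directory, it is worth confirming that every entry only sinkholes a name rather than pointing it at some other server. The check below is an added example, not part of the original gist; `Test-HostsContent` is a hypothetical name and the sample lines are constructed.

```powershell
# Added example: vet a downloaded hosts file before copying it into place.
function Test-HostsContent {   # hypothetical helper name
    param([string[]]$Lines)
    # Addresses that black-hole a name instead of redirecting it.
    $sinks = '0.0.0.0', '127.0.0.1', '::', '::1'
    $n = 0
    foreach ($raw in $Lines) {
        $n++
        $line = ($raw -replace '#.*$', '').Trim()      # drop comments and padding
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        $names  = @($fields | Select-Object -Skip 1)
        $ip     = $null
        $reason = $null
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) {
            $reason = 'address does not parse'
        } elseif ($names.Count -eq 0) {
            $reason = 'no host name after address'
        } elseif ($sinks -notcontains $ip.ToString()) {
            # ToString() normalises spellings such as 0:0:0:0:0:0:0:1 to ::1.
            $reason = 'maps name to a non-sinkhole address'
        }
        if ($reason) { [pscustomobject]@{ Line = $n; Reason = $reason; Text = $raw } }
    }
}

# Constructed sample input, not the contents of the real download.
$sample = @(
    '# constructed sample',
    '127.0.0.1 localhost',
    '0.0.0.0 telemetry.example.com',
    '203.0.113.7 login.example.com   # redirects instead of blocking',
    'telemetry2.example.com'
)
Test-HostsContent -Lines $sample | Format-Table -AutoSize | Out-String

# Against the real file, before it goes to C:\Windows\System32\Drivers\etc\ :
#   Test-HostsContent -Lines (Get-Content .\hosts)
```

For the sample, lines 4 and 5 are reported; a file that produces no rows contains only sinkhole entries.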

@iamjonny
nice 👍🏻

  1. I'm on windows11 (bare metal vhdx, now on UEFI :) and due to Windoesnotcompute errors and failed updates I've added shutup to manage my updates better (WorkInProgress)

Are you still win10? Or is this applicable to win11 too? Or are you also now using other debloaters, targeted at win11?

Thanks!
