UPDATE: This is a work in progress document, please disregard all spelling-errors and outdated info.
I'm a linux user, and by accident a tablet with window 10 home edition came into my possesion.
And I was not prepared for the shock that is windows 10, they have successfully reminted the term "Rightless Slave" into the term "User".
So this article is about regaining control over your hardware with the following goals in mind:
- Stability
- Security ( As in "protection against third-parties" like microsoft, not as in "protect a user against himself" )
- Performance
- Removal of unwanted bloatware
- Prevention microsoft from stealing your personal information
It's important to mention that most of you who learned anything about computers or Windows have been fed misinformation.
Microsoftian dictionary:
Microsoftian | English |
---|---|
Security issue | Risk of disturbances in control-enforcment |
Unprotected | Risk of user-disturbances |
Not recommended | Loophole detected |
Advanced Settings | European-advocacies forced us to relinquish this button |
Stability issues | Risk of distruption in automatic information-theft |
Amazing feature | Button to pacify beginners |
Hotfix | Malware |
Windows Update | Routine anal-probe |
System Healing | Eject user from system |
System Recovery | Coup'd grace |
When browsing the internet and gathering information, please refer to the dictionary whenever these words appear.
When doing a fresh install after it let's you select your language and and keyboard layout. It will ask you for to connect to a wifi. DONT! Simply DONT!
Hidden in the bottom left is a small text saying "Skip this step"
After skipping wifi screen it will present you some kind of screen with only one button "Express setup" Again DO NOT CLICK IT! Use the small white link in the lower left, "Customize installation" and you'll be happy you did. Cause the next 3 screen will contain 3 options on each that can be opted out and basically you legally sign over your soul to microsoft if you leave them in "on" state.
Once you have access to the desktop, you can very carefully bring up the
network settings, and connect to your wifi, then you have to be super
quick to click the advanced network settings?
and activate Metered connection
toggle.
This will prevent microsoft from installing malicious updates on your computer that will make the next steps of this document impossible to complete.
UPDATE: It turns out that the GPeditor is just a fancy frontend for the registry editor, here's a map to all the keys you can set: http://gpsearch.azurewebsites.net/
Turn off windows defender (It only defends windows against yourself)
HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows Defender
* Create DWORD 'DisableAntiSpyware' value: '1'
HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows Search
* Create DWORD 'Allowcortana' value: '0'
* Create DWORD 'AllowSearchToUseLocation' value: '0'
The following tasks should be set to disabled for security reason tasksched.msc
# Performs scheduled benchmarks of your system
# unless your hardware has changed this is completley unecessary statistics gathering
# that does nothing but waste cpu-cycles and batterylife without your permission.
/Microsoft/Windows/Maintenence/WinSAT
# According to description this is an official microsoft Trojan
/Microsoft/Windows/WindowsUpdate/sih
/Microsoft/Windows/WindowsUpdate/sihboot
# Disable automatic updates
/Microsoft/Windows/WindowsUpdate/Scheduled Start
# Disable automatic updates of Windows-store
/Microsoft/Windows/WindowsUpdate/Automatic App Update
Name | Original Status | New Status |
---|---|---|
Background Intelligent Transfer Service | Automatic-Delayed | Disabled |
Windows Update | Manual-Triggered | Disabled |
Disabling the windows-update service will finally prevent windows-update from being able to start without your permission. If you against your better judgement need to contact their microsoft-malware-servers in the future, you can temporarily set the service back to manual start.
UPDATE: The powershell "uninstall" only removes the items from your start menu. In order to really get rid of them use the method described here: http://www.askvg.com/windows-10-tip-remove-cortana-microsoft-edge-contact-support-and-feedback-apps/ Also you will reclaim approx 1.2GB disk-space with them gone.
Right-click start-icon, choose "Command-prompt as Administrator" and type "powershell", then use the following lines to
Category 1. Dangerous cloudbased spyware:
Get-AppxPackage *bingsports* | Remove-AppxPackage
Get-AppxPackage *bingweather* | Remove-AppxPackage
Get-AppxPackage *zunemusic* | Remove-AppxPackage
Get-AppxPackage *zunevideo* | Remove-AppxPackage
Get-AppxPackage *bingnews* | Remove-AppxPackage
Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *bingfinance* | Remove-AppxPackage
Get-AppxPackage *windowsmaps* | Remove-AppxPackage
Get-AppxPackage *skypeapp* | Remove-AppxPackage
Get-AppxPackage *officehub* | Remove-AppxPackage
Get-AppxPackage *getstarted* | Remove-AppxPackage
Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage # Calendar and mail
Get-AppxPackage *people* | Remove-AppxPackage
Get-AppxPackage *windowsphone* | Remove-AppxPackage
Get-AppxPackage *xboxapp* | Remove-AppxPackage
Category 2. unecessary bloatware:
Get-AppxPackage *3dbuilder* | Remove-AppxPackage
Get-AppxPackage *windowsalarms* | Remove-AppxPackage
Get-AppxPackage *windowscalculator* | Remove-AppxPackage
Get-AppxPackage *windowscamera* | Remove-AppxPackage
Get-AppxPackage *solitairecollection* | Remove-AppxPackage
Get-AppxPackage *photos* | Remove-AppxPackage
Get-AppxPackage *soundrecorder* | Remove-AppxPackage
Get-AppxPackage *windowsstore* | Remove-AppxPackage # Windows Store
To reinstall everything again against your better judgement:
Get-AppxPackage -AllUsers| Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}
The instructions in part 1 only deactivates the applications for your user-account. To truly remove them and reclaim a few gigabytes of space you have to delete them from the filesystem. The only problem is that microsoft has tried to prevent you from accessing the folders where these apps are located using folder priviledges.
In order to see the contents of the of theese folders you need to Take Ownership
using the attached take-ownership-install.reg
on the following 3 locations:
C:\Windows\SystemApps
C:\Users\username\AppData\Local\Packages
C:\Program Files\WindowsApps
Post cleanup view of programs folder:
Directory of C:\Program Files\WindowsApps
2017-01-04 18:56 <DIR> Deleted
2016-10-01 01:37 <DIR> Microsoft.NET.Native.Framework.1.3_1.3.23901.0_x64__8wekyb3d8bbwe
2016-10-01 01:37 <DIR> Microsoft.NET.Native.Framework.1.3_1.3.23901.0_x86__8wekyb3d8bbwe
2016-10-01 01:37 <DIR> Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe
2016-10-01 01:37 <DIR> Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe
2016-10-01 01:37 <DIR> Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe
2016-10-01 01:37 <DIR> Microsoft.VCLibs.140.00_14.0.23816.0_x86__8wekyb3d8bbwe
Post-cleanup view of user-packages folder: Keep only the shell-experience host and immersive controlpanel in order for the metro start-menu and the metro-control-panel to continue to work.
Directory of C:\Users\telamon\AppData\Local\Packages
2017-01-04 14:11 <DIR> Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy
2017-01-04 14:11 <DIR> windows.immersivecontrolpanel_cw5n1h2txyewy
While deleting cortana from the system you will encounter files that are locked by the search process.
Open the task-manager and kill the cortana or search.exe process and then quickly press the try-again
button in the delete files dialogue.
And the last system-apps folder.
I did't dare delete the folders here so instead i prepended a couple with an !
exclamationmark:
Directory of C:\Windows\SystemApps
2017-01-04 19:57 <DIR> .
2017-01-04 19:57 <DIR> ..
2016-10-01 01:37 <DIR> !ContactSupport_cw5n1h2txyewy
2017-01-04 15:39 <DIR> !Microsoft.MicrosoftEdge_8wekyb3d8bbwe
2016-10-01 01:37 <DIR> !Microsoft.Windows.Cortana_cw5n1h2txyewy
2016-10-01 01:37 <DIR> !Microsoft.XboxGameCallableUI_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.AccountsControl_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.BioEnrollment_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.LockApp_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.PPIProjection_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.Windows.SecondaryTileExperience_cw5n1h2txyewy
2016-10-01 01:37 <DIR> Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy
2016-10-01 01:37 <DIR> ParentalControls_cw5n1h2txyewy
2016-10-01 01:37 <DIR> ShellExperienceHost_cw5n1h2txyewy
Remove onedrive using commandline-window in admin mode:
taskkill /f /im OneDrive.exe
%SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall
Needless to say but make sure that you've downloaded and installed a non-microsoft alternatives before you setup the new firewall rules.
This needs to be done for both inbound and outbound rules:
- Edge , convert
allow
todeny
- Search, convert
allow
todeny
- Contact Support
allow
todeny
- Cortana , create new deny-all rule
I Disabled the following:
- Windows family*
- Windows Media player*
- Winddows Feedback
- Windows Spotlight
- Xbox*
- Find non-microsoft alternative to windows firewall
- GNU Replacements for standard windows applications.
http://www.howtogeek.com/224471/how-to-prevent-windows-10-from-automatically-downloading-updates/ computer-policies ->
Computer preferences - kan jag aktivera computer-policies.
write-protect downloaded installation files. disable indexing.
- stäng av uac