Windows 10 privacy settings

The purpose of this wiki doc is to list all known privacy settings in Windows 10. Many of these Group Policy and Registry settings are about Windows 10 telemetry. However, this document is intended to cover every Windows feature that could reveal private or corporate information to third parties.

Contents
  1. Turn off the advertising ID
  2. Configure Windows smartscreen
  3. Improve typing?
  4. Locally relevant content?
  5. Turn off location / Location on / off
  6. Location history?
  7. Camera?
  8. Microphone?
  9. Allow input personalization
  10. User management of sharing user name account picture and domain information with apps (not desktop apps)
  11. Access contacts
  12. Access calendar
  13. Apps that can access calendar?
  14. Read or send messages
  15. Apps that can read or send messages?
  16. Disable Radios
  17. Apps that can control radios?
  18. Sync info with wireless devices
  19. Other wireless devices that share info?
  20. Feedback frequency
  21. Allow Telemetry
  22. Apps running in the background?
  23. Prevent the usage of OneDrive for file storage
  24. Turn off Active Help
  25. Allow Cortana
  26. Allow indexing of encrypted files
  27. Allow search and Cortana to use location
  28. Do not allow web search
  29. Don't search the web or display web results in Search
  30. Don't search the web or display web results in Search over a metered connection
  31. Set what information is shared in Search
  32. Sync Your Settings (various policies)
  33. Disable Windows Error Reporting (various policies)
  34. Join Microsoft MAPS
  35. Sent file samples when further analysis is required
  36. Do not send a Windows error report when a generic driver is installed on a device
  37. Turn off Windows Customer Experience Improvement Program
  38. Turn off Windows Error Reporting
  39. Turn off Application Telemetry
  40. Turn off Inventory Collector
  41. Prevent participation in the Customer Experience Improvement Program
  42. Prevent Windows Media DRM Internet Access
  43. Prevent Music File Media Information Retrieval
  44. Prevent Music CD and DVD Media Information Retrieval
Avatar
Latest posts by Michael Pietroforte (see all)

If you are aware of additional settings or if you notice that some of the information is incorrect, you can edit the document after signing in. If you do not have a 4sysops account, then please register here.

Sometimes, a Group Policy or Registry setting is missing. A setting marked in red indicates a setting that will appear in the Windows 10 privacy settings, but we have not yet located this particular Group Policy or Registry setting.

If you know the missing piece of information, please add it. Please stick to the same syntax and formatting of the other entries.

Windows 10 Privacy

Some settings might only work in Windows 10 Enterprise and not in Windows 10 Pro. If you know this is the case, please add this information. Also, please note that this document is not about Windows 10 Home.

Thus far, this list is in no particular order. If you have suggestions on how to better order the document, please post a comment below the doc.

Please also post a comment if you have any tips or experiences to share regarding Windows 10 privacy settings. Please note, currently, only logged-in users can comment on wiki docs.

Turn off the advertising ID

Computer Configuration > Administrative Templates > System > User Profiles

This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps.

Windows setting (Settings > Privacy > General):

Let apps use my advertising ID for experiences across apps

Configure Windows smartscreen

Computer Configuration > Administrative Templates > Windows Components > File Explorer

This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.

Windows settings (Settings > Privacy > General):

Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use

Improve typing?

Windows settings (Settings > Privacy > General):

Send Microsoft info about how I write to help us improving typing and writing in the future

Registry key (according to this post):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input\TIPC
Value name: Enabled
Value data: 0 or 1

Locally relevant content?

Windows settings (Settings > Privacy > General):

Let websites provide locally relevant content by accessing my language list.

Registry key (according to this post):

HKEY_CURRENT_USER\Control Panel\International\User Profile
Value name: HttpAcceptLanguageOptOut
Value data: 1 (disable the option)

Turn off location / Location on / off

Computer Configuration > Administrative Templates > Windows Components > Locations and Sensors

If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.

Windows settings (Settings > Privacy > General):

When location services for this account are on, apps and services you allow can request location and location history.

Location history?

Windows settings (Settings > Privacy > Location):

When location is on, the location obtained to meet the needs of your apps and services will be stored for a limited time on the device. Apps that have access to these stored location will appear below.

Camera?

Windows settings (Settings > Privacy > Camera):

Let apps use my camera

Microphone?

Windows settings (Settings > Privacy > Microphone):

Let apps use my microphone

Allow input personalization

Computer Configuration > Administrative Templates > Control Panel > Regional and Language Options

Automatic learning enables the collection of speech and handwriting patterns, typing history, contacts, and recent calendar information. It is required for the use of Cortana.  Some of this collected information may be stored on the user's OneDrive, in the case of inking and typing; some of the information will be uploaded to Microsoft to personalize speech.

Windows settings (Settings > Privacy > Speech, inking, & typing):

Getting to know you

Windows and Cortana can get to know your voice and writing to make better suggestions for you. We’ll collect info like contacts, recent calendar events, speech and handwriting patterns, and typing history.

User management of sharing user name account picture and domain information with apps (not desktop apps)

Computer Configuration > Administrative Templates > System > User Profiles

This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information.

Windows settings (Settings > Privacy > Account Info):

Let apps access my name, picture, and other account info

Access contacts

Windows settings (Settings > Privacy > Contacts)

Choose apps that can access contacts

Some apps need access to contacts to work as intended. Turning off an app here might limit what it can do.

Computer Configuration > Administrative Templates > Windows Components > App Privacy > Let Windows apps access contacts

Access calendar

Windows settings (Settings > Privacy > Calendar)

Let apps access my calendar

Computer Configuration > Administrative Templates > Windows Components > App Privacy > Let Windows apps access the calendar

Apps that can access calendar?

Windows settings (Settings > Privacy > Calendar):

Choose apps that can access calendar

Some apps need access to your calendar to work as intended. Turning off an app here might limit what it can do.

Read or send messages

Windows settings (Settings > Privacy > Messaging):

Let apps read or send messages (text or MMS):

Computer Configuration > Administrative Templates > Windows Components > App Privacy > Let Windows apps access messaging

Apps that can read or send messages?

Windows settings (Settings > Privacy > Messaging):

Choose apps that can read or send messages

Some apps need to read or send messages to work as intended. Turning off an app here might limit what it can do.

Disable Radios

Windows settings (Settings > Privacy > Radios):

Some apps use radio – like Bluetooth – in your device to send and receive data. Sometimes, apps need to turn these radios on or off to work their magic.

Let apps control radios

Computer Configuration > Administrative Templates > Windows Components > App Privacy > Let Windows apps control radios

Apps that can control radios?

Windows settings (Settings > Privacy > Radios):

Choose apps that can control radios

Apps that you need your permission to control your radios will appear here. Go to the Store to get apps.

Sync info with wireless devices

Windows settings (Settings > Privacy > Other devices)

Computer Configuration > Administrative Templates > Windows Components > App Privacy > Let Windows apps access trusted devices

Registry (see comment by Lonn):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled
Value name: ValueValue data (REG_SZ): Deny (to disable) | Allow (to enable)

Sync with devices

Let your apps automatically share and sync info with wireless devices that don’t explicitly pair with your PC, tablet, or phone.

Other wireless devices that share info?

Windows settings (Settings > Privacy > Other devices):

Other devices that allow you to control app access will appear here.

Feedback frequency

Windows settings (Settings > Privacy > Feedback & diagnostics):

Windows should ask for my feedback

Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Do not show feedback notifications

Registry:

HKEY_CURRENT_USER\Software\Microsoft\Siuf\Rules\PeriodInNanoSeconds
HKEY_CURRENT_USER\Software\Microsoft\Siuf\Rules\NumberOfSIUFInPeriod

Allow Telemetry

Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview builds

This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 indicates that no telemetry data from OS components is sent to Microsoft.

Windows settings (Settings > Privacy > Feedback & diagnostics):

Diagnostic and usage data - Send your device data to Microsoft

This option control the amount of Windows diagnostic and usage data sent to Microsoft from your device.

Apps running in the background?

Let apps run in the background

Choose which apps can receive info, send notifications, and stay up-to-date even when you’re not using them. Turning off background apps can help conserve power.

Prevent the usage of OneDrive for file storage

Computer Configuration > Administrative Templates > Windows Components > OneDrive

This policy setting lets you prevent apps and features from working with files on OneDrive.

Turn off Active Help

Computer Configuration > Administrative Templates > Windows Components > Online Assistance

This policy setting specifies whether active content links in trusted assistance content are rendered.  By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.

Allow Cortana

Computer Configuration > Administrative Templates > Windows Components > Search

When Cortana is off, users will still be able to use search to find things on the device and on the Internet.

Allow indexing of encrypted files

Computer Configuration > Administrative Templates > Windows Components > Search

If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply).

Allow search and Cortana to use location

Computer Configuration > Administrative Templates > Windows Components > Search

If this is enabled, search and Cortana can access location information.

Do not allow web search

Computer Configuration > Administrative Templates > Windows Components > Search

Enabling this policy removes the option of searching the Web from Windows Desktop Search.

Don't search the web or display web results in Search

Computer Configuration > Administrative Templates > Windows Components > Search

If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search.

Don't search the web or display web results in Search over a metered connection

Computer Configuration > Administrative Templates > Windows Components > Search

If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web over metered connections, and if the web results are displayed in Search.

Set what information is shared in Search

Computer Configuration > Administrative Templates > Windows Components > Search

This policy setting allows you to control what information is shared with Bing in Search.

Sync Your Settings (various policies)

Computer Configuration > Administrative Templates > Windows Components

Prevent syncing to and from this PC.  This turns off and disables the "sync your settings" switch on the "sync your settings" page in PC Settings.

Disable Windows Error Reporting (various policies)

Computer Configuration > Administrative Templates > Windows Components > Windows Error Reporting

This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.

Join Microsoft MAPS

Computer Configuration > Administrative Templates > Windows Components > Windows Defender > MAPS

Microsoft MAPS is the online community that helps you choose how to respond to potential threats. You can choose to send basic or additional information about detected software. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent.

Sent file samples when further analysis is required

Computer Configuration > Administrative Templates > Windows Components > Windows Defender > MAPS

This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set.

Do not send a Windows error report when a generic driver is installed on a device

Computer Configuration > Administrative Templates > System > Device Installation

Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure.

Turn off Windows Customer Experience Improvement Program

Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings

The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns.

Turn off Windows Error Reporting

Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings

Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product.

Turn off Application Telemetry

Computer Configuration > Administrative Templates > Windows Components > Application Compatibility

­Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.

Turn off Inventory Collector

Computer Configuration > Administrative Templates > Windows Components > Application Compatibility

The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.

Prevent participation in the Customer Experience Improvement Program

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer

This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).

Prevent Windows Media DRM Internet Access

Computer Configuration > Administrative Templates > Windows Components > Windows Media Digital Rights Management

When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.­

Prevent Music File Media Information Retrieval

User Configuration > Administrative Templates > Windows Components > Windows Media Player

This policy setting allows you to prevent media information for music files from being retrieved from the Internet.

Prevent Music CD and DVD Media Information Retrieval

User Configuration > Administrative Templates > Windows Components > Windows Media Player

Subscribe to 4sysops newsletter!

This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.

avataravatar

Discussion (3)

  1. Has there been any options found in GPO to force deny the added App Privacy settings "Documents", "Pictures", "Videos" and "File System"?

  2. Try these..

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess]
    "Value"="Deny"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary]
    "Value"="Deny"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary]
    "Value"="Deny"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary]
    "Value"="Deny"

  3. "Set what information is shared in Search":

     

    gpdedit says "Requirements: Windows 8.1. Not supported on Windows 10 or later"

Leave a Reply

Your email address will not be published. Required fields are marked *

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account