Notices

- Before the panic begins, please note that calling Telemetry a keylogger is only an opinion.
- This topic is about ensuring the Keylogger/Telemetry is disabled as much as possible. We can't be certain, although after testing it is working as it should.


Tut - Video https://youtu.be/HYzmztnCC4c

Tested On Builds 10240 - 14251
I don't see the weird DNS packets in Server 2016 build 10.0.10514


[Guide] Way to Disable Keylogger/Telemetry v3.4
Removes packages with a PowerShell script, which needs to run as TrustedInstaller
Packages like: Windows Defender, Telemetry, OneDrive, Cortana...
This script can also be used to make an LTSB-like version

#Preparation

If you have an OS in another language, change "*en-US*,*en-*Package*" to your language

If you are going to use the script on the online / current OS,
just change the z: to c:, /image:temp to /online, cd "HKLM:\111\... to cd "HKLM:\Software\...
and also skip loading and unloading the registry hive

For a mounted WIM, copy the dism folder with the latest DISM version. Command to mount:
Code:
#Mount
dism\dism /Mount-Wim  /WimFile:install.wim /index:1 /MountDir:temp /ScratchDir:.
#Removing packages
Code:
### Fully Automatic Removing Packages / Lite'en Windows 10 / 8.x, by Lite8@MDL / Aviv00@MSFN ###

#Get packages list excluding en-us packages
$s = dir .\Windows\servicing\Packages\*.cat -Exclude *en-US*,*en-*Package*
# Filter Packages
$s = (dir $s -Include *WindowsFeedback*,*Windows-Skype-ORTC*,*Windows-Prerelease*,*Windows-DiagTrack*,*Windows-ContactSupport*,*OneCore-Maps*,*OneDrive*,*TroubleShooting*,*Search2*,*Cortana*,*Xbox*,*Defender* -Exclude *AutoMerged-xbox*).BaseName
#Count
$s; $s.count
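# Load the offline SOFTWARE hive of the image as HKLM\111
reg.exe load HKLM\111 ".\Windows\System32\config\software"
# Switch to the servicing package keys inside the loaded hive
cd "HKLM:\111\Microsoft\windows\CurrentVersion\Component Based Servicing\Packages"
# Remove the Owners key of each selected package
$s | foreach { join-path $PSItem \owners | rd }
# Leave the registry drive so the hive is no longer in use
z:
# Save the registry changes and unload the hive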
reg.exe unload HKLM\111
# remove packages 
$s |  foreach { dism /ScratchDir:. /image:temp /Remove-Package /PackageName:$PSItem }
#Finalizing
Code:
# Remove winsxs\*defender* folders - applies to build 11102 and above. Don't uninstall Windows Defender offline in those builds; the image will be unserviceable.
# PowerShell form (cmd's rd does not expand wildcards)
Remove-Item .\windows\winsxs\*defender* -Recurse -Force
#Cleanup
dism\dism /image:temp /Cleanup-Image /StartComponentCleanup /ResetBase
#Commit
dism\dism /Commit-Wim /MountDir:temp /ScratchDir:.
#Export
dism\dism /Export-Image /SourceImageFile:install.wim /SourceIndex:1 /DestinationImageFile:install2.wim
# If you use a ramdisk like me, copy install2 to another folder and format the ramdisk to save time
Code:
#OneDrive remove service
# sc.exe is spelled out because in PowerShell plain "sc" is an alias for Set-Content
sc.exe delete OneSyncSvc
sc.exe delete OneSyncSvc_24f3a

For Enterprise - open cmd.exe as admin and run the code (credit goes to murphy78)
Tested on Enterprise
Code:
REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection\ /v AllowTelemetry /t REG_DWORD /d 0 /f

Use this also for other editions

Run cmd as admin,
then start the process

Use sc.exe to delete the 3 services.
Run this:
Code:
sc delete dmwappushsvc
sc delete diagnosticshub.standardcollector.service
sc delete diagtrack
#Deny Diagnosis Folder
Deny the SYSTEM account access to the file AutoLogger-Diagtrack-Listener.etl with icacls

Code:
icacls "C:\ProgramData\Microsoft\Diagnosis" /remove:g system /inheritance:r /deny system:(OI)(CI)f

#Blocking Cortana v1.1
Change the Search rule in the advanced firewall settings to Block,
or run this in cmd as admin
Code:
Powershell Set-NetFirewallRule -DisplayName search -Action Block
#Disabling "Windows Connect Now - Config Registrar"
Code:
Powershell Set-service wcncsvc -StartupType disabled
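
A read-only way to confirm that the live-system steps above took effect, as an added example that is not part of the original post. It assumes an elevated PowerShell session on Windows 10 and uses only the registry value, service names, firewall rule name and folder path given above; the Add-Check helper is a hypothetical name.

```powershell
# Added audit example (not from the original post). Read-only: it changes nothing.
# Assumes an elevated PowerShell session on the live system after the steps above.
$results = @()
function Add-Check($Check, $Expected, $Actual, $Pass) {   # hypothetical helper
    $script:results += [pscustomobject]@{ Check = $Check; Expected = $Expected; Actual = $Actual; Pass = [bool]$Pass }
}

# 1. Policy value written by the REG ADD step
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$val = (Get-ItemProperty -Path $key -Name AllowTelemetry -ErrorAction SilentlyContinue).AllowTelemetry
Add-Check 'AllowTelemetry policy' 0 $val ($val -eq 0)

# 2. Services removed with "sc delete" should no longer be registered
foreach ($name in 'dmwappushsvc', 'diagnosticshub.standardcollector.service', 'diagtrack') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { "present ($($svc.Status))" } else { 'absent' }
    Add-Check "Service $name" 'absent' $state (-not $svc)
}

# 3. wcncsvc should have its start mode set to Disabled
$wcn = Get-CimInstance Win32_Service -Filter "Name='wcncsvc'"
Add-Check 'wcncsvc start mode' 'Disabled' $wcn.StartMode ($wcn.StartMode -eq 'Disabled')

# 4. Every firewall rule with display name "search" should block
$rules = @(Get-NetFirewallRule -DisplayName search -ErrorAction SilentlyContinue)
$open = @($rules | Where-Object { $_.Action -ne 'Block' })
Add-Check 'Firewall rule "search"' 'all Block' "$($rules.Count) rule(s), $($open.Count) not blocking" ($rules.Count -gt 0 -and $open.Count -eq 0)

# 5. The icacls step should leave a Deny entry for SYSTEM (SID S-1-5-18, so the
#    check also works on non-English installs) on the Diagnosis folder
$acl = Get-Acl 'C:\ProgramData\Microsoft\Diagnosis' -ErrorAction SilentlyContinue
$deny = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Deny' -and
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-5-18'
})
$aclState = if ($acl) { "$($deny.Count) deny ACE(s) for SYSTEM" } else { 'ACL not readable' }
Add-Check 'Diagnosis folder ACL' 'SYSTEM denied' $aclState ($deny.Count -gt 0)

# Summary table plus a pass count
$results | Format-Table -AutoSize
"{0} of {1} checks passed" -f @($results | Where-Object Pass).Count, $results.Count
```

A service that sc delete has only marked for deletion can still be listed until the next reboot, so rerun the check after restarting.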