Worried about Windows 10 privacy issues? Group/Local policy to the rescue!

Guides

win10privacy

I hear and see all over the Internet that people have privacy concerns about Windows 10 and for good reason. For any security concious person, like myself, they’re probably not very happy about many of the decisions that were made for Windows 10. Microsoft seems to be very tight lipped about their updates and what information is actually shared in their “learning” and “telemetry” information that is sent back to the Microsoft mother ship. There are also many other features included in Windows 10 that are, or could be seen as, a privacy concern; such as the advertising ID, WiFi Sense, Cortana, and the list goes on…

One of the biggest worries, though, is Microsoft’s policy on disclosing or sharing your personal information. The following is an excerpt from the privacy policy:

“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”

I’m sure many from the IT community are aware of Microsoft’s direct involvement with Government spying programs – so make no mistake, you are being watched.

The Solution

With that aside, I will say there are tools at your disposal to greatly minimize the privacy issues in Windows 10. This can said for both users at home and businesses with thousands of Windows 10 desktops. The answer is simple: Group or Local Policy. It is the safest and easiest way to secure your Windows 10 desktops from Microsoft’s spying eye’s. There are third-party tools available that you can run to achieve similar results but with those you never know what else your getting and in a business environment this would be a big no-no.

Group Policy – Fix Windows 10 privacy issues in an Active Directory domain (Business)

To secure computers in a Active Directory domain we will be making changes to group policy. Group Policy tools use Administrative template files to populate policy settings in the GPO Management interface. To do this we we must download the Windows 10 Group Policy (.ADMX) templates from Microsoft and upload them onto one of your domain controllers. This is a more advanced change I would recommend to system administrators.

  1. Download the Windows 10 Group Policy (.ADMX) templates, visit http://www.microsoft.com/en-us/download/details.aspx?id=48257
  2. You’ll then need to copy ADMX templates you downloaded to the Central Store on a AD domain controller server. I won’t go into detail on how to do this, so carefully follow the instructions as seen here: https://msdn.microsoft.com/en-us/library/bb530196.aspx
  3. Once the ADMX files are installed to the Central Store, open the Group Policy Management RSAT from your workstation (that is on the domain)
  4. Now simply filter/search for the GPO’s as listed below and set them to your desired configuration. I would highly recommend creating a new GPO object to apply these rules to – not the Default GPO!

Local Policy – Fix Windows 10 privacy issues for users at home without a AD domain (User)

For home users we can skip all of the ADMX templates stuff. It’s irrelevant because the Windows 10 policy definitions are already installed in the /Windows/Policy Definitions folder by default. That means we can just modify the Local Policy to achieve the same results as above. This is much easier to do and can be done by anyone with a good understanding of how Windows works.

  1. Start –> Run –> “gpedit.msc”
  2. You should now be on the Local Group Policy Editor. Expand “Computer Configuration” –> Administrative Templates –> “All Settings”
  3. Right click on “All Settings” and click on “Filter Options”
  4. This is where you will be searching for and applying each of the GPO’s as listed below to your system. Search for each one and configure as necessary.
    • Note: Make sure you are making the changes to the Computer Configuration section, and not User Configuration. User configuration is applied to the USER session. Computer configuration is applied to the entire computer thus effecting every user.

Policy Edit List

Search and enable/disable the following Windows 10 policy edits as per the list below. This list applies for both Group and Local policy edits. This list was compiled by myself after carefully combing through the policies and removing and disabling things that I personally do not use or want on the systems.  You can make all or some of these recommendations at your own discretion for your environment. Be aware that some of these settings have two values that must be configured (state and option) for them to work properly.



Once these settings have been applied to your Windows 10 system its best to run a “gpupdate” and then reboot for them to take full effect. If you need to roll-back any of these changes simply follow the same steps and change the setting of the policies you wish to remove or modify.

Let me know in the comments below if you found this useful or have other comments and suggestions! Thanks!

Karl Nyen

Published by Karl Nyen

Karl Nyen has been involved in the virtualization, server, web development and web hosting industry for over 10 years. In his current role at a managed service provider, he is focused on cloud-based solutions for enterprise clients. His diverse background of sales, management, and architectural/technical expertise bring a unique perspective to the virtualization practice. Karl welcomes input from vendors, industry contacts, and end users.

Comments

  1. Posted by Bill Clay on February 12th, 2016, 15:19

    The last time I made privacy changes to Win 10, they were all reset to default when Windows Update installed a new update. I feel that this is a losing battle if Microsoft is going to keep resetting our systems every time they send an update.

    • Karl Nyen
      Posted by Karl Nyen on February 12th, 2016, 16:40

      Bill, you make a good point. That’s exactly why applying these settings using policy is a good countermeasure as it will override any setting that a Windows Update may apply in the future. 🙂

  2. Posted by Moofey on February 12th, 2016, 21:23

    “windows cannot find gpedit.msc”

    Fails right out of the box.

    • Karl Nyen
      Posted by Karl Nyen on February 13th, 2016, 07:18

      As I mentioned this change is NOT for everyone. There is lots of documentation on the internet on how to get to a command prompt in Windows. I suggest starting there. 😉

  3. Posted by Tinfoil Hat on February 13th, 2016, 08:41

    Win10 home edition seems to lack gpedit. I’ve noticed the same thing missing in windows 7.

    Really pathetic on Microsoft’s part.

%d bloggers like this: