PowerShell script to batch-change privacy settings in Windows 10
With so many different privacy settings in Windows 10, it makes sense to have a script to change them.
April 2017 - Updated script to include all new privacy settings in Version 1703 (Creator's Update)
- Windows 10 or Windows Server 2016
There are several ways to get the script file to your computer, download the zip, clone the repository, save the content manually into a file. You can also get it with PowerShell:
Open a PowerShell window, first cd into a directory of your choice to store the script in, e.g.:
cd ~\Downloads
then download the script by running the following:
(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/hahndorf/Set-Privacy/master/Set-Privacy.ps1') | out-file .\Set-Privacy.ps1 -force
After downloading a PowerShell script from the Internet, you should always review it to make sure it doesn't do anything bad.
ise .\Set-Privacy.ps1
You could also open an elevated PowerShell window and run:
Install-Script -Name Set-Privacy
You may have to confirm a few additional things, but this should be the easiest way.
Assuming you are still in the location you downloaded the script to, run it with one of the required parameters:
.\Set-Privacy.ps1 -Strong
this sets the privacy settings for the current user to Strong, you also have the choice of Default (same as the Windows Express Setup settings) and Balanced (somewhere in the middle)
There are some settings for the whole computer rather than individual users, to change those run with the -admin switch
.\Set-Privacy.ps1 -Strong -admin
To do this, your PowerShell session has to run under an elevated administrator account.
To find out more about the parameters you can use for the script:
help .\Set-Privacy.ps1 -full
The script shows the actual registry settings it is changing. A green line means, the settings was already in place and has not been changed. A yellow line means the settings has been changed.
You may get one of the following messages when trying to run a script:
Execution Policy
...Set-Privacy.ps1 cannot be loaded because running scripts is disabled on this system...
PowerShell doesn't allow the execution of unsigned scripts, to allow the execution of local unsigned scripts for this session run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
To change the execution policy permanently, run:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Here's a list of things the three different modes (-Default,-Balanced,-Strong) change.
A * means the feature will be enabled, a - means it will be disabled.
The names can be used with the -Feature parameter to specify individual settings to change.
| Privacy Section (per user) | ||||
| Name | Default | Balanced | Strong | Info |
|---|---|---|---|---|
| AdvertisingId | * | - | - | Let apps use my advertising ID for experience across apps |
| ImproveTyping | * | - | - | Send Microsoft info about how to write to help us improve typing and writing in the future |
| SmartScreen | * | * | - | SmartScreen Filter |
| LanguageList | * | * | - | Let websites provice locally relevant content by accessing my language list |
| Location | * | - | - | Use location information for this user account |
| Camera | * | - | - | Let apps use my camera |
| Microphone | * | - | - | Let apps use my microphone |
| SpeachInkingTyping | * | - | - | 'Getting to know you' - monitoring voice input, inking and typing for Cortana |
| AccountInfo | * | - | - | Let apps access my name, picture, and other account info |
| Contacts | * | - | - | Apps that can access your contacts |
| Calendar | * | - | - | Let apps access my calandar |
| Messaging | * | - | - | Let apps read or send messages (text or MMS) |
| Radios | * | - | - | Let apps use Bluetooth and other radios |
| OtherDevices | * | - | - | Let app share and sync data with other devices |
| FeedbackFrequency | * | - | - | Windows should ask for my feedback |
| DoNotTrack | - | * | * | Edge - Add a Do-Not-Track http header |
| SearchSuggestions | * | - | - | Edge - Search suggestions |
| PagePrediction | * | - | - | Edge - Preload expected pages |
| PhishingFilter | * | - | - | Edge - SmartScreen filter for malicious sites |
| StartTrackProgs | * | - | - | Let Windows track app launches to improve Start and search results |
| AppNotifications | * | - | - | Let apps access my notifications |
| CallHistory | * | - | - | Let apps access my call history |
| * | - | - | Let Apps access and send email | |
| Tasks | * | - | - | Let apps access tasks |
| AppDiagnostics | * | - | - | Let apps access diagnostics of other apps |
| TailoredExperiences | * | - | - | Let Microsoft provide more tailored experiences with relevant tips... |
| -admin switch (machine scope) | ||||
| Name | Default | Balanced | Strong | Info |
| ShareUpdates | * | + | - | In addition to get updates from Microsoft share updates on local network (+) or with the Internet (*) |
| WifiSense | * | - | - | Sharing of Wi-Fi password and using Wi-Fi sense to connect to networks. |
| Telemetry | * | - | - | Diagnostic and usage data |
| SpyNet | * | * | - | Windows Defender, cloud-based Protection and sample submission |
There are a few things this script doesn't change:
-
Background Apps - I don't consider this a privacy issue, even though it appeas under the privacy section of the Windows 10 settings app.
-
Any other tweaks and changes that may be nice to have but have nothing to do with privacy
-
SpyNet Reporting - Administratrators can no longer change this settings. Sample submission is still turned off in -strong mode.