Nearly all of these "clean up" scripts are a horrendous idea to run on your machine, I see right at the top that this script disables SmartScreen, a service that absolutely should not be disabled unless you want your machine to get owned.
It then proceeds to set your current network as Private (aka "open all the ports") regardless of which network you're connected to - hope you're at home! Other changes are completely superfluous, like disabling "3D Objects" which has already been disabled in the latest Windows version
Sadly, this is an expected consequence of the aggressive monetization, telemetry, and other tracking that ships with the OS.
When you make it hard to trust the system, people will look at any component that seems unnecessary. They might not know what it is, but they don't trust it anymore. So it might as well get disabled. You know, to be safe.
But at the end of the day I suppose it's only a small percent of users, isn't it?
I'm sure the aggressive push for automatic updates — replacing the "Cancel" button by "Maybe Later", and the "Maybe Later" by "You have 2 minutes" — has worked miracles.
So I think we can expect more of this in the future, and the scripts will get even more paranoid in response. What an antagonistic situation.
This class of user has always been doing such silly things long before "monetization". There were plenty of guides for Windows XP and Vista claiming to "increase performance" by disabling things like the indexer (fun fact, that will TANK your performance in a variety of areas), the Cryptographic services, and more. They never had any trust to violate, only a strange (and completely incorrect) sense that they knew more than the engineers who built the OS in the first place.
In Vista RTM and sp1 turning off indexer was a great solution. It was monster on the drive and memory (5-10 min startups on computers that should be up in 30-60 seconds and were after you turned things like that off). They fixed it in sp2. Superfetch was just as bad as well as the windows defender. Most of that was fixed in win7. I now let all 3 of those services run. The issues were fixed...
The problem is these 'solutions' never go away. They are never revisited. So people just keep applying them because 15 years ago they had an issue with them.
but why would you let indexer run at all when Everything (https://www.voidtools.com) runs faster, is more accurate, and is a small standalone executable?
They are completely different products. Everything searches just file names, while Windows indexer also searches file contents. It is a much more time consuming task.
Still seeing more issues with the indexer on than when it's off. With the indexer on, searching for a file in a directory structure with only a couple hundred files easily takes minutes for some reason. No idea how that thing is supposed to be helping, really. My custom search tool that just iteratively scans folders is practically instant.
Possible. Although having Notepad++ do a content search is still faster. The Windows search usually just hangs with zero results for quite a while. Can find it faster by browsing manually.
>They never had any trust to violate, only a strange (and completely incorrect) sense that they knew more than the engineers who built the OS in the first place.
So regardless of the metrics that support such practice, and casting aside the thousands of people that have routinely seen benefit from the practice, Windows can't be optimized further by the end-user?
As someone who has never encountered a well optimized Microsoft product, and as someone who has routinely had to modify their off-the-shell installs, color me suspicious.
(Agreed, the shady practices and over-zealous disabling of services should stop; but come on -- the end user occasionally understands what they need to do better than the engineer that sold them a generic tool to facilitate generic computer-enabled work.)
I've noticed this on iOS too. There are scams out there that encourage users to install root CA certs in order to jailbreak or get access to non-AppStore apps (this used to be required by one method.)
I don't know what happened to the idea of user friendly software respecting the intentions of a user. Modern OSes really are effectively just well funded socially acceptable malware.
Look Windows has couple of odd settings, but the defaults are just fine. Some people will find reasons to tweak even if there's nothing to tweak. Been there in my teen years, but I grew up.
Well, the "Smart" screen says that WinMerge and KDiff3 are malwares.
Naturally I trust both of them more than so called SmartScreen because unlike Smartscreen, I can inspect their code. Yes, the binaries can contain malware, but the first principles tell me that trustability score is inverse of what is being reported by MS.
Naturally I have disabled Smartscreen and Windows defender and admin rights alerts and bajilion things that internet gurus will tell me not to because I don't know what's good for me. Needless to say, my PC runs faster, calmer and is actually malware free because I don't run unauditable things like Smartscreen on it.
Edit: I get WinMerge binary from GitHub repo, and KDiff3 from official website. As trusted as it can get, short of compiling myself.
This is a work machine so I can't control most of Windows behavior. Personal machine runs NixOS for 90% tasks + Windows dual boot for games without connecting to network because I can't be bothered with disabling Smartscreen and defender every other week.
Yes, and original comment addresses that. In theory WinMerge binary can contain malware. But WinMerge authors have a proven track record against that and they are transparent about working of their application enough through their source. MS and Smartscreen do not have that track record, and IMO have an opposite kind of record with all kind of map/adware practices throughout the system and applications.
So if an untrusted source tells me that a usually varifuably trustable source is not to be trusted, whom do I trust more?
> So if an untrusted source tells me that a usually varifuably trustable source is not to be trusted, whom do I trust more?
I honestly don't understand how you've made this an adversarial situation. It's almost as if you take offense to Smartscreen telling you it doesn't trust your binary.
The system is pretty straight forward, Smartscreen checks the file source against a list of known bad actors. If there's a hit it's saying "I can't vouch for this".
I checked and WinMerge isn't flagged in Smartscreen. The publisher however does not use a signing certificate which results in a UAC prompt.
In any case neither of these features prevent installation, they're just warnings you can circumvent.
Smartscreen does not tell you that WinMerge is malware. It correctly tells you that the freshly compiled build from GitHub is not a commonly used software which makes it more likely to be dangerous. How is that a bad feature to have?
How is that a good feature? Just because something is not commonly used it stops being good? When most software was proprietary and FLOSS was nascent, MS argued that FLOSS was bad, was that right?
Conversely, just because something is used more, does that get the automatic stamp of approval? More than 2 Billion people use Facebook every month, do you consider FB to be more likely to be good for someone? What kind of messed up logic is that?
No. Smartscreen is not meant to single-handedly solve the entire problem of malware. It is just meant to warn you when you are running software that isn't commonly used. It is nothing more than an attempt to provide the user with a useful heuristic. It does not make moral judgements about the software you use like you are saying here.
Only warning people when it isn't common used is a judgment. Why is software that isn't commonly used a danger? Where do you set the limit? Is infrequently used software signed by Microsoft dangerous?
Showing a warning about anything is not value neutral. Showing a popup for infrequently used software says that you value number of users as a measure of software quality.
It usually makes you have a quick rundown about what you are trying to run. If it's some software I got from the projects original GitHub page I make a note of that and proceed. If it's something that should surely not be "rarely used" (eg. A browser,video player,torrent client, etc) I think twice.
That is fine but probably not good for most users. It is easy to tell it not to filter those apps. You can make exceptions. Just shutting it off totally is like changing a router to allow all ports and traffic in because it blocked a port you were using vs making a firewall rule.
Like I found that SmartScreen and defender blocked my ethminer but that is in general pretty smart because it is common to have it unwittingly installed, and I simply said it is OK to run.
For WinMerge it should be noted that some web-sites out-there offer winmerge binaries for download and I bet that some of them are bundled with spyware (they are not affiliated with the official version, but even my tech-savvy friend was about to download winmerge the other day from a non official source, I noticed him that he should use winmerge.org).
I haven't used Windows for a long time but a look at the script makes me think people wouldn't be resorting to such measures if Microsoft wasn't including stupid crap in their operating system.
> Disabling Telemetry breaks Windows updates
> Automatic web searches in start menu
> Application suggestions are silently installed (wat?)
> Allow MS to collect activity history
> Location tracking
> Map updates (who the fuck uses maps on a PC?)
> Tailored experiences (apparently spamming ads on a desktop OS is an experience)
> Advertising ID
> Cortana
This is just from skimming the list for 5 minutes. Not even sure what else is in there.
Siri/spotlight does web searches, maps are included, location tracking baked in under the disguise of find-my (Microsoft also has a find-my alternative), there is an advertiser id built into mac toohttps://developer.apple.com/documentation/adsupport/asidenti...
Really the only thing different is Apple has made it seem beneficial to users where Microsoft just comes off spammy.
It's not all optional and off by default... They only ask about sending debug data to app developers, siri, and I believe find-my. Apple is a little worse since they try to force you into entering your credit cards for Apple pay.
> It's just a matter of time for it to actually work as expected though.
Eh, I mean they just recently made it effectively useless on iOS (requires a prompt before it works; unsurprisingly very few users give permission). Not sure why they'd go the other direction on MacOS... I suspect it's just there for Catalyst compatibility.
Not quite for a lot of it - e.g. it asks if you want to use Cortana as your personal assistant but selecting no isn't the same as disabling it (integrated into start menu functionality) or when it asks if you want to opt into telemetry and you uncheck it you're not saying "no telemetry" by unchecking it you're saying "basic telemetry only".
Just as the note from the author says: Never run scripts without reading and understanding what they do.
This is an outdated fork of a configurable script that I use to do initial config of my windows 10 machines. But I've created my own config saying which functions to run and which not to run based on reading what each function actually does. I'm an IT pro, I knew how to do most of these tweaks in windows settings or group policy, but it's still easier to just run a script than to perform hundreds of clicks, especially when the settings get reorganized in every other windows update.
And as this is HN, I expect lots of people here being IT pros, so I would correct you here: Don't run this stuff if you don't understand what it does.
Just not this stuff, any stuff without review. A lot of Windows advice has sadly always been the equivalent of curl | sudo bash - and the culture proliferates this practice. But it also highlights that Windows 10 is unusable without Group Policy, which is an almost sane interface for Windows "tweaks". Windows editions without full group policy support are essentially garbage.
To me, I'd never run someone's prefab cleanup script, but I find this script really nice because it's documented, categorized, and there's a lot of useful PowerShell in here, if you're looking for specific things. There's plenty of commands in here I use, and plenty I'd like to... along with quite a few I definitely would not.
They're not a horrendous idea. This is forked off of the script that I've been using for years. All of the settings it touches are very clear since each change it makes is configured right up front.
I purposely disable SmartScreen because I don't need information about applications I'm running shipped off to Microsoft. Setting the current network to private is handy after a first-time install since Windows often doesn't prompt and defaults to public.
I mean, sure, SmartScreen is an important security service that should not be disabled if you're OK with hashes of every executable you run being transmitted to Microsoft.
Totally agree with this. I’ve not seen one of these things that isn’t seriously dangerous to run.
As with all these things, the road to hell is paved with good intentions, apparently by tinfoil hatted nut jobs who don’t understand the problem domain well enough to be making decisions for people who know even less than they do.
This criticism is a bit unfair. It's a gist on github, which you are supposed to read and understand as the author states in his opening disclaimer. The statement for enabling SmartScreen is also included.
And no, your machine gets not owned when you disable SmartScreen - there are other protective measures you can take.
> service that absolutely should not be disabled unless you want your machine to get owned.
SmartScreen sends all your file hashes and unique computer info to Microsoft. If you're not stepping into weird links and running weird executables it's really not doing much for you.
Could not disagree more, SmartScreen is a horrendous idea.
You should only be installing verified trusted apps you can verify the sources or hash for, farming this out to a third party, even if its MS, is a great way to open yourself up to watering hole attacks.
Furthermore, you are encouraging poor user behaviour with "oh man this app said my app is good" and then ending up with all manner of poorly vetted bloatware, not to mention antitrust and legal issues.
Really it should be possible to completely remove and/or replace this whole component.
As for network, why aren't running from behind a properly secured connection? That's just bad practice. If you want to connect from a coffeeshop or whatever, set your firewall to block everything by default.
Thanks for the info; I've been concerned enough about Windows 10 telemetry (etc.) to avoid it, and when I saw this script I thought "ohhh maybe I can just do this?"--so you saved me.
Do you have a rec or a resource? I haven't looked seriously at this so if it's just like "google it" mea culpa, but it seems like there's a lot of misinformation and what not out there. I saw "O&O ShutUp10" in a sibling thread?
I think I would think about specific Windows Telemetry that you want to disable and more importantly, why (i.e. "What's the Threat Model around Microsoft knowing this"). Because the vast majority of the telemetry collected by Windows is simply to make Windows work better - things like "Upgrade failed because $REASON" or "$DRIVER is causing performance problems".
You can see a lot of the kinds of telemetry that Windows is interested in if you go to Event Viewer => Application Logs => Microsoft => Windows, if you read it you see that it's like, Google Lighthouse style stuff, to make Windows faster and more reliable
Use these scripts to figure out the kinds of things you don't want to run, then make really targeted "Disable This" choices
I don’t have a problem with the telemetry on windows. I’m unsure why everyone gets so upset. MS isn’t collecting stuff to shove advertising down our throat. It’s getting usage to figure out what’s wrong with windows and make it better. As you say.
I have issue with Facebook and Google blatantly collecting whatever they can to build profiles of us all to shove advertising down our throat that isn’t even relevant to us.
The thing is this script is not only about telemetry, but also about disabling some annoyances that are especially annoying in server or workstation environment.
I don't think there's an up to date resource describing all these tweaks. My recommendations:
- Use the original script, it's slightly more up to date, last update was in november 2020: https://github.com/Disassembler0/Win10-Initial-Setup-Script
- Read it's library of tweaks, especially the notes about potential unwanted side effects in comments. If you don't understand what each feature does, google it. The tweaks are grouped.
- Don't enable any tweak where you don't understand what it does, especially in the security and network tweaks categories.
I use O&O ShutUp10 and it is much more approachable. Rather than immediately enabling and blocking settings, ShutUp10 gives you recommendations and you can reasearch individual settings you aren't sure of.
I agree. If you want a stripped down Windows use Windows 10 LTSC. It's everything anyone wants from Windows without any of the cruft. I'm a Linux person but when I installed LTSC for my wife all her complaints about sudden reboots and other unwanted behavior evaporated.
Makes you wonder why they bother with any other Windows.
most of these things also look for registry file entries that point to non existing files and they have no regards for parametric entries (i.e. c:\users\{current}\blah) so they wreak havoc on your installed services and applications.
You complain about nonsense and than go forward and spread some on your own. You saying that SmartScreen and Defender slows down a Windows machine by a factor of 2 just makes you a nonsense clown.
Yes, I was wrong - its not by a factor of 2, more like a factor or 3 to 5. The best way to make your computer age 10 years in a second is to enable ANY antivirus. There are so many places that you can check that out if you didn't experience it, or u need me to LMGTFY ?
So you decide to double down on your wrongness? Windows Defender has a marginal impact on performance, such that for most users and most tasks it's not even perceptible.
> need me to LMGTFY
You've provided zero evidence to the contrary. The burden of proof is on you.
> As far as I can tell, as long as Windows Defender (and presumably other A/V scanners) are running, there's no way to make the Windows I/O APIs consistently fast.
This is really even a common knowledge - if you did ANY IT work, you should already know it. I can't count the number of times when server wasn't working correctly when it turns out it just has Defender on.
Yes, PC desktops commonly run AV which can impact certain common subsystems in their routine operations. This is true on Windows, Linux, and MacOS. This is perfectly reasonable for the 99% of PC users that are not programmers and power users.
> it just has Defender on
It's unfortunate Defender would come pre-installed even on Server.
Yeah, because I am not babysitter. You should do your homework :) I am glad when people hint me good info.
I do have ample personal experience - when government web server was randomly dropping from 2k req/s to 2 req/s we disabled defender and from there we had continuous 2k req/s. I have seen this literary hundreds of times. Not sure why people install AV on servers but its common in banks and similar. On home computers its even worst. I witnessed new laptop computer with 2 AVs - defender + something vendor installed like mcafe. It was so slow that while typing letters appeared 1/s.
AVs inject themselves on number of places and do all kind of "funky" stuff. All power users should disable that junk. You have other means to protect yourself. If you are grandma, sure, go for it, but grandma will not run "Reclaim Windows10" from github gist, no ?
Context is everything. It certainly doesn't justify above comment claiming "DO NOT DO THIS!!!" on HN. Its utter nonsense. We are here to talk about hacking things by definition. Power users customize their OS, not the other way around. Its pity that MS doesn't provide minimal OS (like Linux OS's usually do) but the first thing I do is not run single script like Reclaim, but dozen of such scripts and my healthy nervous system thanks me all the time because benefits are huge and minuses are minor and fixable.
If anything, we need more projects like that, more polished, more documented, more maintained. My personal fav so far is [1]
Nobody uses antiviruses on Linux (except if they host a mail or file server). As far as I know most people who use MacOS do not either. It is true that a lot (most?) windows users use antiviruses but this is not an argument against the claim that it causes massive slowdowns.
> Windows Defender has a marginal impact on performance,
Oh, come on; there are issues like this: https://github.com/rust-lang/cargo/issues/5028 and the app developers do handstands in order to minimize the impact; for example, cargo guys had to redo their file closing on Windows to be done asynchronously, so they would not have to wait for Defender.
I’ve read some criticism towards this script and/or these kind of scripts in the comments. The criticism should instead be directed towards Microsoft, which decided to treat their customers (even alleged „Pro“ customers!) like babies and force useless bloatware, ads, telemetry and the absolute worst update system of any OS ever upon their users, thus making these kind of scripts necessary to begin with.
> The criticism should instead be directed towards Microsoft,
Totally agree that MS deserves criticism as you correctly point out. However, criticism towards the script and similar is equally valid (and important).
Yes you’re right of course, I should’ve phrased it differently. I didn’t see any criticism geared towards MS, so it kind of felt like shooting the messenger.
> examples been provided that explain why the specific settings are problematic.
I've seen some opinions, but none could be objectively evaluated as really pointing out problematic settings. They were more in the area of subjective preferences.
> They were more in the area of subjective preferences
But this is exactly the point behind the criticism. The script is presented as “run this to make Windows better/safer”. If you did that without evaluating and understanding these subjective preferences, you might end up in a worse state than you started in, because maybe some of those preferences don’t really match your needs.
Generally, I don't think Windows 10's telemetry features are privacy-violating. Most of the telemetry (especially if you choose the "required only" option in setup) is just for crashes and basic usage data (they won't use it for advertising for example, like Google or Facebook); that said, I use pi-hole as my DNS which blocks a lot of the Microsoft URLs used by telemetry.
However, my biggest issue is simply bloat. With every major update on Windows 10 we get more and more crap running on the OS. A fresh install of Windows 10 21H1 uses 3Gb+ of RAM and that is insane. There are things like "YourPhone" which is an app that starts at boot and cannot be uninstalled which is supposed to help integrate your Android phone - I have an iPhone and couldn't use it even if I wanted to, but I still pay 4Mb of RAM for having it running. I can probably disable half the services that are set to start automatically and still have a working OS.
Tried using something like winreducer to actually strip out the binaries instead of just turning stuff off via registry, but it's tedious; nowadays I just do a regular install then go into task scheduler and remove 1/2 of the needless crap then manually disable 1/4th of the services and use some PowerShell scripts for removing un-removable apps.
I miss the good-old days of Windows 2000 where we booted the OS with < 90Mb RAM and a couple dozen processes.
Windows 2000 was bloatware compared to NT4, which ran comfortably in 32 MB of RAM and had basically no limits on 128 MB. (All of office, photoshop and visual basic multi tasking at the same time smoothly.)
I don’t understand why modern OS’s need multiple gigabytes of RAM just to boot. I get that they do more than NT4 and windows 2000 did, but still, why isn’t a gigabyte enough? I would like to read an OS engineer’s take on it.
I started using Windows in the 3.x days, and the amount of crap I have to "fix" every time I make a new install increases with each successive version... and to think I used to be mildly annoyed at having to enable file extensions and showing full paths back in the 9x/2k days.
It is interesting to think how the incentives grew to make developers create applications which are more attention grabbing with time.
In the msdos days, an app was installed to a directory.
In the win 3.x days, an app was installed to a directory, created a program group OR shortcut on the desktop.
In the win95 days, an app was installed to a directory, created a program group AND shortcut on the desktop.
In the win98 days, an app was installed to a directory, created a program group, shortcut on the desktop and quicklaunch bar.
In the win98se days, an app was installed to a directory, created a program group, shortcut on the desktop, quicklaunch bar and systemtray when run.
In the winme days, an app was installed to a directory, created a program group, shortcut on the desktop, quicklaunch bar and systemtray when the system started.
In the winxp days, an app was installed to a directory, created a program group, shortcut on the desktop, quicklaunch bar, systemtray when the system started and changed your default homepage.
In the winvista days, an app was installed to a directory, created a program group, shortcut on the desktop, quicklaunch bar, systemtray when the system started, changed your default homepage and added toolbars on ie.
In the win7 days, an app was installed to a directory, created a program group, shortcut on the desktop, quicklaunch bar, systemtray when the system started, changed your default homepage, added toolbars on ie and showed ads when run.
In the win8 days, an app was installed to a directory, created a program group, shortcut on the desktop, quicklaunch bar, systemtray when the system started, changed your default homepage, added toolbars on ie and showed ads when the system starts.
In the win10 days, an app is installed to a directory, creates a program group, shortcut on the desktop, quicklaunch bar, systemtray when the system started, changes your default homepage, adds toolbars on ie/edge, shows ads when the system starts and constantly tries to convince you to use this program or install others.
I actually don't know if ie/edge still have default homepage or toolbars, but you get the idea.
To be fair, you sometimes had to open the machines and fiddle with irq's and other things I already forgot about.
I remember one machine, where I couldn't get sound blaster mouse, printer and modem to work at the same time.
I do agree that nowadays software companies expect to just own you if you use their products. The sad part is that what Microsoft is doing is "normal" or even minimal compared to what Apple or Google are doing. And it's getting worse all the time.
Fortunately Linux desktop is good enough this days for most tasks.
Who cares about operating systems any more? That seems like a solved problem and frankly all the major ones are fine these days.
Computers are chosen based on applications. If you want to play games, you are probably buying a Windows PC. Developing iOS apps? You want a Mac. If you just need a browser, then a Chrome Book or iPad is probably a good choice. I'd bet a lot of people here use three or more operating systems every day on different computers doing different things.
No Windows version since XP has been fine. They varied from utterly unusable crap to barely tolerable. I honestly never understood why people use Windows, is there an argument other than "I'm used to it"? I still have a small Win partition installed for rare Win-only things and every single time I interact with Win 10 I remember how utterly broken it is. Like the moment you boot, you're bombarded with crap that has flashy colors, animation some even sound too. It feels like that one Futurama episode about AOL.
> is there an argument other than "I'm used to it"?
Yes. The argument is "I want to run X and it only runs (or runs best) on Windows|Linux|macOS. People don't fire up their computer because they want to use Linux or Windows, they fire it up because they want to play Assassin's Creed or XCode.
Can confirm, one of my friends really wanted to use Linux (because she doesn't trust microsoft and tired of windows being bloated, she has a rather slow laptop), but her colleagues constantly send her some .docx/.xlsx files that simply won't work with openoffice or other alternatives.
She tried very hard with Wine, PlayOnLinux, tried all sorts of alternative offices, VMs, but gave up and had to install Windows anyway because majority of people simply refuse to use open data formats and use proprietary closed formats.
I'm also running Windows because I have to do some CorelDraw drawings and don't want to bother with wine etc. Otherwise I would be running Linux for sure.
I consider Windows 7 about the only acceptable version of Windows after XP. Everything else between XP and 10 (inclusive) has been a failure to some degree (with Windows 8.1 perhaps being a minor failure compared to what 10 became later on).
I have never met a single person in my entire life who likes using Windows. Everyone I know claims "yeah it's crap but this CAD/Industry standard software works only in Windows". I would guess they exist but I'd bet money they don't make up 99% of users.
You're kind of making the same point I was. People don't choose an OS for the sake of the OS, it's for the application support.
I like using Windows as much as macOS or Linux. For different parts of my day I'll be using Windows or Linux or Android or iOS and at on each system the OS is there to support the applications I want to use.
> I have never met a single person in my entire life who likes using Windows. Everyone I know claims "yeah it's crap but this CAD/Industry standard software works only in Windows".
If this is not a walled garden, I don't know what is. Linux is certainly not a walled garden.
In computing, a walled garden is a closed ecosystem controlled by the platform owner.
None of Windows, macOS, or Linux are walled gardens because all of them allow anybody to publish software for those platforms. You don't need approval and you don't need to distribute through a central authority.
iOS, on the other hand, can only load apps from the App Store and that store only carries software approved by Apple.
What you are talking about is proprietary software. That's a different beast.
Maybe you are right in terms of strict definitions, but in reality the proprietary software effectively creates the walled garden from which the users can't escape.
It's no more unconscionable than to suggest that a person may need a pickup truck for their job in construction during the week and a sports car for their racing hobby on the weekend.
Except that the very point of a general purpose computer is that, to use your analogy, your car can spontaneously sprout parts and reform the chassis as needed. Aluminium frame with a pair of wings and four jet engines one week for that overseas trip, a heavy duty frame with a winch for the construction job on Friday, a napalm launcher for fighting kudzu in your front yard (a stretched analogy, but you can see where I'm going with this).
All of this is enabled by software, which costs nothing at all to replicate unless it's restricted via copyright law. This is very much unlike every other hobby, where specialised tools cost money to duplicate.
I wish it were just a matter of software. It would be nice if my iPad could magically have a GPU as good as my gaming PC or my gaming PC could become a 12" tablet with a 10 hour battery life.
This is a great tool, but remember to re-run it periodically (especially after updates) as Windows 10 will "helpfully" re-enable stuff you have disabled.
I switched to dual booting Linux mint and Windows 10 on my home desktop. Work laptop has been linux only for years. I've only used windows a couple of times, because these days I'm mostly just using a browser.
By the time you've "reclaimed" Windows 10, there'll be an update that undoes your work, so it doesn't seem worth the effort.
If you have access to it, through partner or MSDN or corporate licensing or otherwise, it is really worth installing the Windows 10 Enterprise LTSB/LTSC versions.
It has most of the annoying things that plague consumer versions of Windows 10 stripped out, and it gets a very different cadence of updates, restricted to security and quality fixes. No Cortana, no Edge installed by default, no built-in Store universal apps.
It's rock solid; I have never gotten a bad update pushed to any of my boxes running LTSC over the past five years. If you want a Windows workstation that just works, and will continue to work without fiddling, this is it.
Are you sure this is a good thing? As much as I don't like Edge, aren't the alternatives either IE or no browser? It's not like they'll ship Firefox preinstalled instead.
The LTSC images are based off of Windows 10 when they were still shipping non-Chromium Edge as the default browser in the consumer versions, so not having that around is a plus.
You get really good at this kind of thing when you're building large scale virtual desktop systems. Suddenly, the random updates, scans, or whatever translate to a million IOPS on the SAN and a widespread outage of unrelated systems.
In my experience, most editions of Windows 10 are simply unredeemable. You have to start with an LTSC edition, which behaves more like XP used to: Very little bloat, no forced patching, everything except what you actually need turned off by default.
Meanwhile, Microsoft recommends that you don't use LTSC. Prefer the normal editions. Use LTSC only if required. Please don't use LTSC. Don't disable Telemetry! LTSC is for special customers only. Use the Current Version for the latest features. The Current Version has many benefits that users enjoy! Consume Soylent Green! Eat it. Eat it.
I don't think anyone has the time to audit every line to ensure there's nothing malicious in there.
On a side note, this also made me realize my desktop barely has any non-mainstream "low-trust" applications anymore. Back in the early 2000s, I remember my computer is filled with random win32 apps. The most fringe app I have now is "Bulk Rename Utility".
(Not so) fun stuff about the Linux services shovelling.
Having the snapd daemon running is not necessary (it may actually be undesirable).
At least on Ubuntu though, snapd can't be regularly prevented from starting at boot (`systemctl disable`) - it needs to be masked (`systemctl`, essentially, a forced disable). But if one masks it, the Ubuntu daily update will hang.
Well, one can't say that Ubuntu isn't catching up with the times :) /s
Not sure I entirely agree with this. The whole point of Ubuntu is that it's essentially turn-key. I installed 20.04 LTS on my old XPS13 and my girlfriend used it for months before realizing it was any different from a Mac. That's a good thing. That's one fewer user of MS or Apple.
For people like us, there are so many other distributions that align more with our use cases. Manjaro or Fedora are just as good as Ubuntu, but for potentially more savvy users. Or if you really really need complete control nobody is stopping anybody from running Gentoo with OpenRC. Or, the most sensible option, just use Debian.
The whole point is to give the user choices, that's the entire purpose of the Gnu/Linux universe.
This, a thousand times this. It's strange it's still somewhat under the radar, it should be much more widely known. They call it LTSC, but it's really Windows As It Should Be.
Just asked this a day ago but got no reply, so here it goes again: it looks like there could be strings attached, possibly due to my ignorance though - can this be licensed to a single user? Recently I was working on a machine with an LTSC release (not mine, acquired by another company) and it didn't seem possible to apply updates, just saying 'contact your system administrator to update'. So I told the company they'd need to sort that out eventually but they also had no clue, and they called the shop wehere they got it but there also no sane response. This is just one data point of course, but does make me wonder: if you as a normal non-enterprise customer get this problem, what's the way to deal with this issue?
Possibly misreading you, but updates behave differently in LTSC. It stays at the same level (1809 in LTSC) until the next major release and just auto-installs (very quickly, in between reboots and without forced prompts) security updates every couple of weeks or so.
Hmm. Machine is gone so I cannot check again, but pretty sure if I'd go to the Windows Update window it would say the standard 'updates are available' or similar and have a clickable 'Download and install'.
I presume that Microsoft has found that home users value having a cheaper PC with ads, over a more expensive PC without ads.
Similar to Gmail and the likes of numerous SaaS companies. There's a freemium version with ads (or some type of limitation) or a paid version without ads (or said limitation).
Basically, tell an ISV (like Connection.com) that you want a small business relationship w.r.t. Microsoft Licensing and they'll set you up. You might have to buy a few random CALs to qualify, but it's totally possible and a godsend.
If MS wants Windows to become a developer platform, as they seem to (WSL, VS Code, GitHub), they need to offer a version of the OS without all the safety guardrails bullshit. Treat me like an adult please.
You can keep windows on a VM for tools or services that only work on windows. For higher performance, just keep a separate partition and dual boot it for the cases you need.
You get the options to both enable and disable the steps so that's half the lines. Then there's lots of things like "DisableLockScreen" which are not really related to the goals at the top.
It's definitely not 2.4k lines to disable telemetry.
At least 70% of what's in the script can also be done via the UI, and I'd say another 10% is stuff you really shouldn't do anyway (disabling SmartScreen etc.)... The telemetry bit is about 20 or lines, if that.
SmartScreen is not Windows Defender, the latter is the antivirus with its own regularly updated database, firewall, etc.
SmartScreen basically sends your files to Microsoft, for "enhanced security" or something.
FWIW I put Defender on notification only mode because Microsoft ever so helpfully removed the actual quarantine directory and now files dumped into quarantine are basically unrecoverable.
I just use the firewall with a third party interactive GUI and block anything that I can't identify.
I know what SmartScreen is. It's also useful to keep on as it's a cloud anti-malware service. It does not send your personal files to MS. Stop with the lies, please.
No they haven't removed the quarantine restoration option. You can mark any file it quarantines as safe, and it gets restored and never flagged again.
This does not send personal files to MS, no. It sends executables that have been already flagged as a virus through other methods (e.g. heuristics). Also this is part of Defender, not of SmartScreen.
Files or hashes, I don't care. It's a dumb idea when Defender already exists.
Yes, the quarantine is still there. But if Defender can't pull the file out, you can't just open the folder manually and cut-paste anymore. Your file for all intents and purposes is gone.
Granted most people will never have to worry about this.
I have had good results with the decrapifier script by CSAND on spiceworks [0]. It's been getting maintained for a while now and it's on spiceworks so while I'm not a windows nerd enough to judge it, I'm pretty sure it's good if not great. I used this tutorial [1] when installing a new machine, you run it in "audit" mode before the out of box experience. I used -appaccess and -xbox. In my case I'm giving this PC to a friend so she'll get the new PC experience without the start menu garbage.
I think this is on topic but would something like https://ameliorated.info/index.html be a better idea to get rid of any bloatware and help address any privacy issues?
I haven't personally used it but a friend of recommended it to me.
I do; I installed on both my personal laptop (2012-ish Alienware 17) and my wife's laptop (2020 Asus Vivobook).
The first thing to note is that Windows Update is completely removed, so unless you have fairly-current Windows 10 drivers, you'll never automatically download drivers. Asus doesn't provide an up-to-date ACPI driver, so my wife's laptop was always running at full throttle (which means constant fans) and couldn't sleep or hibernate, and several devices went unrecognized the entire time. Ultimately, I ended up reinstalling the retail version of Windows 10 that was included with the machine and after a few updates it's back to its initial state. Of note, I also tried Windows 8.1 (no drivers available) and Windows 10 LTSB (no ACPI drivers again).
For myself, I've had absolutely no issues with it. All my devices were recognized and it boots extremely quickly (~8 seconds from cold boot on a SATA SSD). Most of the stuff I didn't like about Windows 10 is ripped out. If you're a fairly technical user who's cautious about what they download and run, it might be ideal. I have no problem wiping my machine occasionally, so running without security updates isn't something I'm too bothered about.
I installed this to test it out (in a VM) and got a login prompt asking for a password. I went to their site and found no documentation about this at all, so I just never touched it again. It could be changed and no such prompt appears. I might have to try it again.
This kind of black box solution gives you nothing but a false sense of privacy and/or security.
I've come to a conclusion that either you want an OS that respects your privacy, or you want Windows. These two are fundamentally incompatible and at most, you're going to end up doing damage control.
I like this one mostly clean code (a little repetitive with those disableXXX/enableXXX functions but not a mess of regedit commands), obviously not for the default choices with are kinda weird and old becase wifi sense has been removed since 1803 (afaicr) but its definitely a lot nicer.
People have spoked with their wallets, they are starting to buy Apple because "its better, more easy than windows and has resale value" but the reality is that apple does the same or even worse than microsoft, the main difference is that in Windows there are still ways to disable this functionalities in Apple they are tightly integrated on the macOS and can't even disabled without crippling your user experience.
The last one of those was a strike, not a boycott. (Also, I don’t think that Irish government altered their import policy because of eleven striking workers at one store.)
Concerning the other two, the Nestlé boycott does not seem to have had much, if any, impact, and it’s at least debatable if the Nike one did much, and if it did, then the impact is not due to informed individuals “speaking with their wallet”, but the wide publicity.
This is why I specified “consumer-level”; a boycott which includes continuous publicity from major media is no longer consumer-level.
They held a strike because they refused to handle south African goods which is essentially a boycott. Their actions led to a lot of publicity in the country and internationally at the time which put pressure on the Government to act.
“We got an awful lot of knocks back. People who we thought would have supported us: the Church, the government – who were all members of the Irish Anti-Apartheid Movement at the time,” she said.
The Dunnes strikers were given their greatest endorsement when the South African Bishop Desmond Tutu – at the time a vocal and renowned critic of apartheid – asked to meet them as he travelled to collect his Nobel Peace Prize in the December after the strike started.
It then proceeds to set your current network as Private (aka "open all the ports") regardless of which network you're connected to - hope you're at home! Other changes are completely superfluous, like disabling "3D Objects" which has already been disabled in the latest Windows version
Just don't run this stuff.