Before you begin reading

• Keep in mind that this guide is a work-in-progress. Information may be incomplete.

• This guide is only applicable to users of Windows 11 Pro, Windows 11 Education and Windows 11 Enterprise, or any other Windows editions with access to Group Policy controls. Users of Windows 11 Home will have to upgrade to one of those editions.

Introduction

This is a guide on how to improve privacy on Windows 11, which is growing increasingly hostile towards user’s rights to disconnect. By following this guide, you will be able to make Windows 11 more privacy-friendly. Although, do keep in mind that it will still be using a privacy-hostile system.

This guide will try to mitigate most of the privacy drawbacks of Windows 11, but remember no proprietary OS will ever be as private as a libre OS. Consider switching to an operating system that respects your privacy, if you can. This guide should preferably be followed in a fresh install of Windows 11 to minimize the amount of information already collected.

Also, keep in mind that this is a “living document”, which means this article will be updated as the author obtains new information or discovers new ways to improve privacy in Windows 11. At the time of writing, this guide covers Windows 11 24H2.

Disclaimers

Windows 11 Pro users: About “Required diagnostic data”

Unfortunately, Microsoft does not allow Windows 11 Pro users to disable telemetry completely. Like with Windows 11 Home, Windows 11 Pro users must send at least “Required diagnostic data” to Microsoft. As it turns out, diagnostic data is not just used to help Microsoft’s engineers diagnose and solve problems in Windows–Microsoft can also use it to track and profile users. Consider reading about what Microsoft considers “Required diagnostic data” and how they use this data.

Security Features

While not mandatory and not recommended by author, this guide contains instructions on how to disable several security features in Windows for the purpose of minimizing network traffic. If you choose to do so, please be aware of the potential consequences of disabling each security feature below:

• Windows SmartScreen: By disabling Windows SmartScreen, the user will no longer be protected by Microsoft’s service that blocks known malicious URLs. SmartScreen comes with a serious privacy compromise: When you visit a webpage, the full unhashed URL is sent to Microsoft servers, along with a user identifier. Microsoft claims to not use this data for any other purpose other than for user security. It is up for you to decide whether you trust Microsoft with this data.

Chapter 1: Initial Setup

This guide assumes that you understand the basics of installing Windows 11 from scratch. We will only cover the most critical aspects of the installation that affect the privacy of the installed OS.

It is highly recommended to not connect to the internet before or during setup, and before configuring Group Policies. Your computer will begin sending data to Microsoft as soon as it connects to the internet, so it’s important that you have configured your computer to minimize how much data is sent.

Sign in with a local account–not a Microsoft account

When you install Windows 11, the most important thing is that you do not sign into a Microsoft account during setup if you intend to minimize traffic to Microsoft. If you do, many things you do on your computer will be linked to your Microsoft account. When prompted to create a user account, opt to create local account instead.

Do not enter a password when creating a local account or you will be required to set three security questions. They are notoriously pointless and do more harm than good. After the installation is finished, you may set a password without security questions in Account Settings.

Windows Pro users, read this:

Windows Pro users will have to go through some extra steps, as Microsoft no longer allows Pro users to sign in with a local account, but there are currently workarounds.

1. After installing Windows from installation media, disconnect any Ethernet cables from your computer. Then reboot into Windows for the first time.
2. When the first Windows setup screen appears, press Shift+F10 to open a command prompt. Type the command oobe\bypassnro into the command-line and press Enter, and the system should reboot into setup again.
3. Proceed with the Windows setup as per usual. When asked to connect to a network, click the option “I don’t have internet.” Then enter a username.

Setup Privacy Settings

During setup, you should be presented with a list of privacy choices. Set all of these to disabled. Make sure you scroll down, because there are more than just the first four. Once you have disabled every switch, click Accept to finish setup.

Chapter 2: Group Policies

You must configure group policies to exert a maximal amount of control over the computer’s settings. Prefer configuring Windows through these policies whenever possible, since they are strictly enforced by the OS and will (mostly likely) never be changed automatically. Windows unfortunately has the habit of undoing user settings whenever it updates and can make users feel gaslit.

These Group Policies are similar to the ones in the PrivacyGuides Knowledge Base, but I have included additional policies that are not listed under the original guide. To save myself time of reiterating what the official guide has already succinctly put, here is some important preliminary information about these policies:

“These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.”

“All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We’ve also explained some of our choices below whenever the explanation included with Windows is inadequate.”

In this section, we will be mostly focusing on Administrative Templates. Follow the instructions below to open the Group Policy editor on your computer.

“You can find these settings by opening gpedit.msc and navigating to Local Computer Policy > Computer Configuration > Administrative Templates in the left sidebar. The headers on this page correspond to folders/subfolders within Administrative Templates, and the bullet points correspond to individual policies.”

“To change any group policy, double click it and select Enabled or Disabled at the top of the window that appears depending on the recommendations below. Some group policies have additional settings that can be configured, and if that’s the case the appropriate settings are noted below as well.”

Some important points to consider:

• This chapter will not include instructions on how to disable critical security components of Windows 11, such as Windows Defender and Windows Update. While these services send some data about user activity to Microsoft, the benefits gained from these security features can outweigh the downsides depending on your circumstances. If it is in your best interest to disable any of those features, refer to Chapter 5 of this guide.

• This chapter will also not include instructions on how to disable the Microsoft Store or Microsoft User Authentication as they may introduce unexpected side effects. If it is in your best interest to disable any of those features, refer to Chapter 5 of this guide.

Computer Configuration: Administrative Templates

Control Panel

• Allow Online Tips: Disabled

• Regional and Language Options → Allow users to enable online speech recognition services: Disabled

• Regional and Language Options → Handwriting personalization → Turn off automatic learning: Enabled

Start Menu and Taskbar

• Do not keep history of recently opened documents: Enabled

• Remove Personalized Website Recommendations from the Recommended section in the Start Menu: Enabled

• Notifications → Turn off notifications network usage: Enabled

System

Device Guard

• Turn on Virtualization Based Security: Enabled

  • Platform Security Level: Secure Boot and DMA Protection

  • Secure Launch Configuration: Enabled

Internet Communication Management → Internet Communication settings

• Turn off Event Viewer “Event.asp” links: Enabled

• Turn off Help and Support Center “Did you know?” content: Enabled

• Turn off Help and Support Center Microsoft Knowledge Base search: Enabled

• Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com: Enabled

• Turn off Internet download for Web publishing and online ordering wizards: Enabled

• Turn off Internet File Association service: Enabled

• Turn off Search Companion content file updates: Enabled

• Turn off the “Order Prints” picture task: Enabled

• Turn off the “Publish to Web” task for files and folders: Enabled

• Turn off the Windows Messenger Customer Experience Improvement Program: Enabled

• Turn off Windows Customer Experience Improvement Program: Enabled

• Turn off Windows Error Reporting: Enabled

• Turn off Windows Network Connectivity Status Indicator active tests: Enabled

OS Policies

• Allow Clipboard history: Disabled

• Allow Clipboard synchronization across devices: Disabled

• Allow publishing of User Activities: Disabled

• Allow upload of User Activities: Disabled

• Enables Activity Feed: Disabled

User Profiles

• Turn off the advertising ID: Enabled

Windows Components

Autoplay Policies

• Disallow Autoplay for non-volume devices: Enabled

• Set the default behavior for AutoRun: Enabled

  • Default AutoRun Behavior: Do not execute any AutoRun commands

• Turn off Autoplay: Enabled

Cloud Content

• Do not show Windows tips: Enabled

• Turn off cloud consumer account state content: Enabled

• Turn off cloud optimized content: Enabled

• Turn off Microsoft consumer experiences: Enabled

Credential User Interface

• Prevent the use of security questions for local accounts: Enabled

Data Collection and Preview Builds

• Allow Diagnostic Data: Enabled

  • Options: Send required diagnostic data (Pro Edition); or

  • Options: Diagnostic data off (Enterprise or Education Edition)

• Limit Diagnostic Log Collection: Enabled

• Limit Dump Collection: Enabled

• Limit optional diagnostic data for Desktop Analytics: Enabled

  • Options: Disable Desktop Analytics collection

• Do not show feedback notifications: Enabled

File Explorer

• Turn off account-based insights, recent, favorite, and recommended files in File Explorer: Enabled

Find My Device

• Turn On/Off Find My Device: Disabled

MDM

• Disable MDM Enrollment: Enabled

Microsoft Edge

• Configure search suggestions in Address bar: Disabled

The policy below disables Windows SmartScreen in Microsoft Edge. Please read the Windows SmartScreen disclaimer at the start of this guide to ensure that you understand the consequences of doing so.

• Configure Windows Defender SmartScreen: Disabled

OneDrive

• Prevent the usage of OneDrive for file storage: Enabled

• Prevent OneDrive from generating network traffic until the user signs in to OneDrive: Enabled

• Save documents to OneDrive by default: Disabled

Push To Install

• Turn off Push To Install service: Enabled

Search

• Allow Cloud Search: Disabled

• Allow Cortana: Disabled

• Don’t search the web or display web results in Search: Enabled

• Set what information is shared in Search: Enabled

  • Type of information: Anonymous info

Sync your settings

• Do not sync: Enabled

• Enable Winows Backup: Disabled

Text Input

• Improve inking and typing recognition: Disabled

Widgets

• Allow widgets: Disabled

Windows AI

• Allow Recall to be enabled: Disabled

• Turn off saving snapshots for use with Recall: Enabled

Windows Error Reporting

• Do not send additional data: Enabled

• Disable Windows Error Reporting: Enabled

• Consent → Configure Default consent: Enabled

  • Consent level: Always ask before sending data

Windows Messenger

• Do not allow Windows Messenger to be run: Enabled

User Configuration: Administrative Templates

Start Menu and Taskbar

• Clear history of recently opened documents on exit: Enabled

• Do not search Internet: Enabled

• Turn off user tracking: Enabled

Windows Components

Account notifications

• Turn off account notifications in Start: Enabled

Cloud Content

• Do not suggest third-party content in Windows spotlight: Enabled

• Do not use diagnostic data for tailored experiences: Enabled

• Turn off all Windows spotlight features: Enabled

Desktop Gadgets

• Turn off desktop gadgets: Enabled

Search

• Turn off storage and display of search history: Enabled

Windows Copilot

• Turn off Windows Copilot: Enabled

Chapter 3: Configuring your user account

1. Change your settings

This part assumes that you have configured the Group Policies in accordance to the Chapter 2 of this guide. So, if a setting looks like it should be changed but is not listed in this part, then it is because it was already set with a Group Policy in Chapter 2.

Open the Settings app and change the settings below.

Privacy & Security

General

• Let websites show me locally relevant content by accessing my language list: Disabled

Inking & typing personalization

• Custom inking and typing dictionary: Disabled

Search permissions

• Cloud content search → Microsoft account: Disabled

• Cloud content search → Work or School account: Disabled

• History → Search history on this device: Disabled

App permissions

• You may change App permissions at your discretion. Do note, however, that most of these app permissions only apply to Windows Store apps. Classic apps (Win32 apps) are not restricted by these permissions.

2. Uninstall apps

In the apps section, uninstall everything you know is safe to uninstall and that you know you won’t need. Below is a table of most of the pre-installed apps that come with Windows 11. Some apps pre-installed in your system may be missing from this table. For those apps, use your intuition and best judgment to decide whether or not you can uninstall them. The pre-installed apps can have one of the following ratings:

Symbol	Rating	Description
	Acceptable	This app may be useful for everyday or occassional use and transmits minimal user data.
	Hostile	Apps that are extremely hostile to user privacy that you should consider uninstalling.
	Useless	Deprecated by better, more privacy-friendly alternatives. May be hostile to user privacy and rights.
	Unfriendly	May be useful for everyday use, but more privacy-friendly alternatives exist. May contain some privacy hostile elements.
	Unknown	The author of this guide acknowledges the existence of this app, but does not fully understand its purpose. These apps may be safe to uninstall, unless marked otherwise.

For apps marked Hostile, Useless or Unfriendly, consider looking for alternatives in PrivacyGuides.

Any app marked with an is an app that you cannot or should not uninstall. Attempting to uninstall marked apps may result in system instability or corruption.

App	Rating	Description
Calculator
Clock		Refuses to launch if it needs to update.
Cortana		Deprecated.
Copilot		Microsoft’s AI assistant has an overreaching privacy policy and unclear data usage policy.
Feedback Hub
Ink.Handwriting.Main.Store		Unknown.
Maps
Media Player		Sends album metadata to Microsoft.
Movies & TV		Deprecated.
Microsoft 365 Copilot		Documents are processed by Microsoft cloud servers. Consider privacy-respecting alternatives.
Microsoft Clipchamp		Video data is sent to Microsoft servers. Low quality software. Consider replacing with Kdenlive.
Microsoft Edge		Sends all browsing data to Microsoft and associates it with an unique ID. User settings do not persist and reverse after each update. Microsoft Editor is enabled by default, which uploads typed data to Microsoft’s cloud. Extremely hostile and cannot be uninstalled – avoid using at all costs.
Microsoft OneDrive		Microsoft’s cloud file storage. Has a reputation of uploading files to the cloud without consent. Uploaded user files are scanned by AI.
Microsoft Outlook (new)		Upon signin with an email account that is not a Microsoft account, it uploads all emails to Microsoft’s servers for AI scanning. It also shares the data with Microsoft’s 801 advertising partners – however, this disclaimer is only shown to EU customers.
Microsoft Store		Uses the Windows serial key to track across installations.
Microsoft Teams		Microsoft’s teleconference app. Has an overreaching privacy policy and no end-to-end encryption.
Microsoft To-Do
Microsoft Photos		Has an “Edit with Designer” button that stealthily uploads viewed image to Microsoft without confirmation or consent – no way to turn it off.
Microsoft News		A webpage wrapper for Bing news with additional telemetry and tracking.
Notepad		Windows’ classic Notepad with Microsoft cloud AI. Consider turning off Copilot.
Game Assist
Sound Recorder		Refuses to launch if it needs to update.
Snipping Tool
Solitaire and Casual Games		Solitaire with ads and tracking.
Sticky Notes		Refuses to launch if it needs to update. Nags users to sign in with a Microsoft account and sync.
Terminal
Paint		Microsoft’s drawing app now integrates with cloud AI and Copilot.
Quick Assist		Safe to uninstall.
Xbox Live		May be required if you play games from the Windows Store or games that authenticate with Microsoft Xbox accounts, like Minecraft.
Web Media Extensions		Allows display and playback of some media extensions.

3. Stop Microsoft Edge from running in the background

Microsoft Edge is a behemoth of unduly data collection and collects a massive amount of user data for tracking and profiling. Unfortunately, Microsoft has made Edge extremely difficult to uninstall, so the most we can do is get it out of our way and stop it from running in the background.

Go to Edge settings → System and performance and change:

• Startup boost: Disabled

• Continue running background extensions and apps when Microsoft Edge is closed: Disabled

Chapter 4: Mitigating Microsoft Edge

Microsoft Edge is deeply integrated into Windows 11 – therefore it is impossible to uninstall it without creating system instability and/or unexpected results. There is no known way to turn Microsoft Edge into a fully private browser, even with all the changes listed here. However, these changes will opt you out of much of the invasiveness of Microsoft Edge. Visit PrivacyGuides Browser Recommendations for privacy-respecting alternatives to Microsoft Edge.

This part will go over Microsoft Edge Group Policies and how you can turn Edge into a more private browser. You may skip this part if you don’t use Microsoft Edge in any capacity. But since it’s such a deep-rooted part of the system, the author of this guide believes that it is wise to fine-tune it as much as possible in order to mitigate its privacy-invading aspects.

The most important thing to know is that Microsoft Edge operates an implicit sign-in policy, which means that any sign-in into a Microsoft account somewhere else on Windows (like for example, on Windows Store or Xbox), Microsoft Edge will automatically upload all browser data to Microsoft’s servers without confirmation.

The following is the scenario we would like to prevent:

1. Microsoft Edge inadvertently and automatically imports browsing data from the user’s main browser, (e.g. Firefox), as it has been known to do this, even without permission.
2. Microsoft Edge then syncs all imported browser data [by signing into their Microsoft account automatically, thereby obtaining all of their browsing data without their consent.

This malicious behavior can only be disabled through Group Policy.

1. Install administrative templates

Like we have done in the Chapter 2 of this guide, we will use the Group Policy editor to configure Microsoft Edge. However, the Administrative Templates for Edge are not preinstalled, so they must be downloaded from Microsoft’s website.

Head over to the Microsoft Edge for Business download page and click the download link for the Windows Policy for your processor architecture (64-bit, 32-bit, ARM64). The website should start a download for a file named MicrosoftEdgePolicyTemplates.cab.

A primer on cabinet files: A cabinet file, usually with a .cab extension, stores compressed files in a file library. You can extract cabinet files by double-clicking them in Windows Explorer, much like a zip archive.

To add the administrative templates to your computer, do the following:

1. On the target computer, open MicrosoftEdgePolicyTemplates and go to windows → admx.
2. Copy the msedge.admx file to C:\Windows\PolicyDefinitions.
3. In the admx folder, open the appropriate language folder. For example, if you’re in the U.S., open the en-US folder.
4. Copy the msedge.adml file to the matching language folder in your Policy Definition folder. (Example: C:\Windows\PolicyDefinitions\en-US)
5. To confirm the files loaded correctly, open Local Group Policy Editor directly (Windows key + R and enter gpedit.msc) or open MMC and load the Local Group Policy Editor snap-in. If an error occurs, it’s usually because the files are in an incorrect location.

2. Configure Microsoft Edge Group Policies

If you are not familiar with the Group Policy editor, refer to Chapter 2 of this guide for an explanation on how to access and use the Group Policy editor.

In the Group Policy Editor, navigate to Local Computer Policy → Computer Configuration → Administrative Templates → Microsoft Edge in the left sidebar.

Some Group Policy states may be misleading. Some group policies may need to be enabled so that their described feature can be disabled. These group policies are marked with a warning to highlight these cases.

Change the following policies:

• Allow feature recommendations and browser assistance notifications from Microsoft Edge: Disabled

• Allow features to download assets from the Asset Delivery Service: Disabled

• Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft: Disabled

• Allow queries to a Browser Network Time service: Enabled

• Allow user feedback: Disabled

• Allow websites to query for available payment methods: Disabled

• Always open PDF files externally: Enabled

• Automatically import another browser’s data and settings at first run: Enabled

  • Automatically import another browser’s data and settings: Disables automatic import, and the import section of the first-run experience is skipped

• Block all ads on Bing search results: Enabled

• Block tracking of users’ web-browsing activity: Not Configured

  • The author of this guide recommends that you leave this policy unconfigured, as tracking protection can break some websites. It is possible to change this setting in your Edge profile setting whenever you see fit.

• Browser sign-in settings: Enabled

  • Browser sign-in settings: Disable browser sign-in

• Compose is enabled for writing on the web: Disabled

• Configure Online Text To Speech: Disabled

• Configure Speech Recognition: Disabled

• Configure the Share experience: Enabled

  • Configure the Share experience: Don’t allow using the Share experience

• Continue running background apps after Microsoft Edge closes: Disabled

• Control communication with the Experimentation and Configuration Service: Enabled

  • Control commuication with the Experimentation and Configuration Service: Disable communication with the Experimentation and Configuration Service

• Control Copilot access to Microsoft Edge page content for Entra account user profiles when using Copilot in the Microsoft Edge sidepane: Disabled

• Control Copilot access to page context for Microsoft Entra ID profiles: Disabled

• Disable synchronization of data using Microsoft sync services: Enabled

• Edge 3P SERP Telemetry Enabled: Disabled

• Edge Wallet E-Tree Enabled: Disabled

• Enable Drop feature in Microsoft Edge: Disabled

• Enable Microsoft Bing trending suggestions in the address bar: Disabled

• Enable resolution of navigation errors using a web service: Disabled

• Enable tab organization suggestions: Disabled

• Enable the Collections feature: Disabled

• Enable the Screenshot (previously named Web Capture) feature in Microsoft Edge: Disabled

• Enable upload files from mobile in Microsoft Edge desktop: Disabled

• Enable Wallet Checkout feature: Disabled

• Enables DALL-E themes generation: Disabled

• Enables default browser settings campaigns: Disabled

• Enables Microsoft Edge mini menu: Disabled

• Hide the First-run experience and splash screen: Enabled

• Hide the one-time redirection dialog and the banner on Microsoft Edge: Enabled

• In-app support Enabled: Disabled

• Let screen reader users get image descriptions from Microsoft: Disabled

• Machine learning powered autofill suggestions: Disabled

• Manage QuickView Office files capability in Microsoft Edge: Disabled

• Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled: Disabled

• Microsoft Edge Insider Promotion Enabled: Disabled

• Personalize my top sites in Customize Sidebar enabled by default: Disabled

• Search for image enabled: Disabled

• Search in Sidebar enabled: Enabled

  • Search in Sidebar enabled: Disable search in sidebar

• Set Microsoft Edge as default browser: Disabled

• Set the default “share additional operating system region” setting: Enabled

  • Set the default “share additional operating system region” setting: Never share the OS Regional format

• Shopping in Microsoft Edge Enabled: Disabled

• Show Microsoft Rewards experiences: Disabled

• Show thumbnail images for browsing history: Disabled

• Spell checking provided by Microsoft Editor: Disabled

• Suggest similar pages when a webpage can’t be found: Disabled

• Text prediction enabled by default: Disabled

• URL reporting in Edge diagnostic data enabled: Disabled

• Visual search enabled: Disabled

• Wallet Donation Enabled: Disabled

Default search provider

• Configure the new tab page search box experience: Enabled
  • New tab search box experience: Address bar

Edge Website Typo Protection settings

• Configure Edge Website Typo Protection: Disabled

Edge Workspaces settings

• Enable Workspaces: Disabled

Generative AI

• Settings for GenAI local foundational model: Enabled

  • Settings for GenAI local foundational model: Do not download model

Identity and sign-in

• Enable implicit sign-in: Disabled

• Enable proactive authentication: Disabled

• Seamless Web To Browser Sign-in Enabled: Disabled

• Web To Browser Sign-in Enabled: Disabled

Performance

• Enable startup boost: Disabled

Scareware Blocker settings

• Configure Edge Scareware Blocker Protection: Disabled

SmartScreen Settings

The policy below disables Windows SmartScreen in Microsoft Edge. Please read the Windows SmartScreen disclaimer at the start of this guide to ensure that you understand the consequences of doing so.

• Configure Microsoft Defender SmartScreen: Disabled

Startup, home page and new tab page

• Allow Microsoft content on the new tab page: Disabled

• Configure the backgroudn types allowed for the new tab page layout: Enabled

  • New tab page experience: Disable all background image types

• Enable preload of the new tab page for faster rendering: Disabled

• Hide App Launcher on Microsoft Edge new tab page: Enabled

• Hide the default top sites from the new tab page: Enabled

3. Update your profile settings

Even some settings cannot be modified through Group Policy. Open Microsoft Edge settings and go to Privacy, Search, and services.

Search and connected experiences

• Get notifications of related things you can explore with Discover: Disabled

4. Post-mitigation

It is wise to avoid using Microsoft Edge even after applying all of the above mitigations, as it has a stark reputation for disregard of user privacy. Even after applying the above mitigations, Microsoft Edge still:

• Communicates with tracking domains upon launch (.scorecardresearch.com, browser.events.data.msn.com, c.bing.com, etc.)
• May introduce new privacy-invading features in future updates that will be enabled by default.

Visit PrivacyGuides Browser Recommendations for privacy-respecting alternatives to Microsoft Edge.

Chapter 5: Further minimization of network traffic (Advanced)

This section will contain instructions on how to disable Windows Update, Windows Store, SmartScreen, Xbox Game Bar and some other services to minimize network traffic to Microsoft. TODO

Chapter 6: Preventing unwanted Microsoft traffic with Portmaster (Advanced)

This section will contain instructions on how to further minimize Microsoft traffic using the Portmaster firewall. TODO

Last edited by @banana 2025-06-12T03:54:18Z

Thanks for the great guide!
btw, there are TONS are windows’ privacy/security/hardening guides on github. I wonder if you could recommend any.

Also, could this guide be applied to Windows 10?

btw, there are TONS are windows’ privacy/security/hardening guides on github. I wonder if you could recommend any.

The only one I know to be a safe guide is beerisgood/Windows11_Hardening. The most important things about Windows 11 hardening and privacy guides are:

• Reconsider or be skeptical of an author’s advice if they promote “anti-telemetry” tools like O&O ShutUp10, Windows debloat scripts, etc.
• If the author suggests using a custom Windows image (Ghost Spectre, ReviOS, Tiny11, etc.), run away.

Use official Microsoft Documentation to tune your system, and understand what you’re doing.

Also, could this guide be applied to Windows 10?

Sorry, but I don’t know. Since I no longer use Windows 10, I can’t provide any advice on it.

I stronlgy agree to stay away from any guides/articles that recommend non-official releases of Windows(such as Ameliorated) or any third-party tools that are closed source (since Windows itself is enough closed-sourced)

What do you think about scripts that totally rely on Windows’ default features? Privacy.sexy would be a good example. IMO, any tool that is fully open-source and uses only built-in Windows’ features is generally safe since they essentially just automate the processes any end-user could do.

I’ve heard of privacy.sexy and just looked at some of the scripts they provide. I can’t recommend it, since I’ve personally never used it, but I don’t advise against using it either. I can’t attest to the quality or reliability of the scripts they provide.

It looks transparent enough to me – that’s enough for anyone to judge whether it will be useful to them. The most I can say is that you should ensure you review the script and only run it if you fully understand what it does.

You could do your own version of modified windows 10 or 11.
I do a privacy version of windows 10 LTSC, windows 11 pro and windows 11LTSC.

I used ntlite.com ( paid version), if you want to try it out, I can share my settings.

This the best solution because it does a fresh and clean install beforehand.

Thanks for posting your guide to the forum! Would you like to include this in the Community Wiki section? We are working on a Windows guide funny enough; any assistance is greatly appreciated.

We can discuss this privately through DMs if you would like.

Yes please!
Feel free to reach out to me in DMs. I’d be happy to help.

It looks like I’ve exceeded the character limit for the Microsoft Edge section. @KevPham, would you have any suggestions? Should I make a separate thread? I’m not very familiar with the forum software, so I appreciate your patience on this matter.

All I do know is that it would be nice to have all of these in one post, though.

The post character limit is now increased.

For readability, you may also consider separating the other parts into their own articles. All that is entirely up to you though.

One potential candidate can be a new Microsoft Edge article. Again, this is only if you want to.

For the Group policies section, it might be better if we merge your included suggestions into Jonah’s article!

However, we both need to double-check those changes though. Lets hold off at that for now and keep them here until we verify everything.

Yes, please do feel free to merge! I assume you mean this article.

It seems like I can no longer edit the post. Maybe it’s due to age or because a set amount of people have already viewed or replied to it.

@jonah @KevPham Could I please have permission to edit the post? I would appreciate it very much.

Fixed!

Thank you!

I’ve added the Initial Setup chapter. I’ll add some images sometime.