flipping settings manually, you don’t really need to be changing so many settings at all. for privacy, disable telemetry, error reporting, and don’t sign in with a microsoft account and you should be mostly good. for security, just do some defender hardening and read thru the microsoft security baselines and enable settings that are both relevant on a non-enterprise machine and also aren’t enabled by default (there aren’t many of these settings)
1 Like
I did not notice with hotcakes script you can pick and choose different sections. Would it make sense to do the Microsoft baselines category? I also see that bitlocker is configured to the max.
i wouldn’t use any sort of third-party script, microsoft already has a script for applying their security baselines, though most of the settings there are geared towards business usecases. applying all the settings there will just cause unnecessary breakage, with many settings having little to no security gain outside a business environment
Oh for sure. Very new to this so thank you for the insight!
1 Like
Frankly I find that hardening privacy on Windows manually is overwhelmingly complex and unpractical to manage for the average user.
Also many settings can be reverted after system updates and you can’t review all of them every month.
Privacy.sexy is nice and open source, has infos about what a setting is doing but it can’t detect which settings are already applied so you don’t have any overview of your current state.
I finally decided to trust a third party app O&O ShutUp10 to be able to apply and keep track of privacy settings and I’ve never had any problem.
The app clearly shows which settings are applied, which one are not recommended and could cause breakage and provides infos for every single item. Also prompts for a backup restore point before applying changes.
The software is not open source but devs are an official Microsoft Partner so that gives me some kind of trust about quality of code.
It is simple, reliable, portable, actively updated and it just works.
4 Likes
Oh that’s cool! Is it weird they are endorsed my microsoft?
They’ve got a lot of other products available, so I would say it isn’t weird.
Oh for sure
Does it make any difference security features wise if you install browser from the Microsoft Store or just as .exe? And is there any privacy trade off?
Privacy.sexy is definitely not a finished product, but I feel like it is the most transparent. I run it every time there is an update (I ran it 3 times in the past 7 months).
When there are updates, I compare the oldscript to the new one to see what changed. So it is time consuming, but I didn’t encounter any breakages. I use the “strict” options. then remove some of the options (for instance, the script removes Windows Defender, but I use it, so I remove some of the Windows Defender options).
I had a list of what I add and remove form the strict options but I lost it because of a Only Office bug… I could post it if it helps anyone, but it wont be until about 2-3 more months because I just ran the script this week. If anyone interest, please let me know.