Take Control of Windows 10 Pro with these Group Policy/Configuration Changes

Take Control of Windows 10 Pro with these Group Policy/Configuration Changes

Windows 10 seems to have a mind of it’s own doesn’t it? We don’t know fully what data it sends, we have ‘no choice’ but to use Cortana, updates will be installed and your PC will reboot while your using it outside of the 12 hours ‘active’ period. No more. If you have Windows 10 Pro, you have been granted access to the Group Policy Editor. Although it’s potency was diminished in the Anniversary update(restricting some features to EDU/Business), you can still control a number of settings making it worth the premium for the upgrade as well as saving you a ton of headaches if you are a power user.

My Windows installation wasn’t as stable as it had been previously since upgrading to the Anniversary update. As such, I reinstalled Windows and had to go through my usual reinstall checklist. Aka, disable all the annoying ‘features’ in Windows that are enabled by default. This is that list, so I hope you find this useful as well as a good documentation of all the features you may want to change on any new install of Windows 10.

NOTE: I am NOT responsible for the changes you make on your PC. These are suggestions based on my experience and findings online. If you follow this guide you do so at your own risk, and any harm or misconfiguration is solely your responsibility. This guide is intended for those who are moderate to advanced power users who are capable of repairing/fixing their own OS installations in the event of issues/errors. Additionally you should back up your PC and registry before making any changes.

Ok, so now that the disclaimer is out of the way, let’s go over what I changed to regain control of my PC.

Disable Cortana (Web Search) and limit Bing search

Windows 10 Cortana search replaced with standard search.
Hey look! It’s just a standard search bar!

As of August, the Anniversary update brought us Cortana whether we wanted it or not. I myself am one who is old school and opens my web browser to search online, so I absolutely refuse to have Cortana listening to my file/application searches. That’s fine if they want to call Windows local search Cortana, but I want to keep my searches local. Sure any searches to the web are supposedly anonymized, but that ends when you search for a file with your name in it, or SSN, etc. Adjust this setting to ensure your searches stay on YOUR PC.

  • Group Policy
    • Local Computer
      • Computer Configuration
        • Administrative Templates
          • Windows Components
            • Search
              • Allow Cortana – Set Disabled
              • Allow Cortana above lock screen – Set Disabled
              • Set what information is shared in Search – Set Enabled with custom value (see below for the value)
              • Do not allow web search – Set Enabled
              • Don’t search the web or display web results in Search – Set Enabled
Cortana settings as shown in Group Policy Editor
Cortana settings as shown in Group Policy Editor

Below is a filtered list showing the Search setting. It’s in the same location as the Cortana settings.

Bing Search sharing setting as shown in Group Policy Editor
Bing Search sharing setting as shown in Group Policy Editor

For this you will want to update the value based on your choice. I want to limit data as much as possible, so I will set it to Anonymous data only.

You can choose what data is shared with search.
You can choose what data is shared with search.

Once complete you should see that nice local search box as shown at the start of this section(after reboot).

Disable Automatic Restarts for Updates

No auto-restart with logged on users fro scheduled automatic updates installations shown in Group Policy Editor
No auto-restart with logged on users fro scheduled automatic updates installations shown in Group Policy Editor

You know what this is, and I bet you have seen this happen on YouTube or in GIF form somewhere on the net. Someone is streaming a game, giving a presentation etc and suddenly, Windows just restarts. It’s incredibly frustrating that this happens. Especially because at max you can only specify that your PC is used for 12 hours at a time. Sorry Microsoft, this doesn’t cut it. I work 8-5 daily and then use my PC anywhere from 5-midnight. On weekends? I use my PC anywhere from 7AM-midnight. They just couldn’t leave it with picking a time to update like Windows 7. Set it up to auto-install at 3AM, or you get the shutdown and update button? Nope, you update NOW. Forget that. Update this policy and you can tell your PC when it will update again.

  • Group Policy
    • Local Computer
      • Computer Configuration
        • Administrative Templates
          • Windows Components
            • Windows Update
              • No auto-restart with logged on users fro scheduled automatic updates installations – Set Enabled
              • Configure Automatic Update – Set Enabled to custom value

I selected the Auto download and notify for install as this will let me stay up to date, but let me choose when I want to install the updates instead of having it forced on me. Note: This is required for the other setting to work. Both must be set.

Image of dialog to change the Configure Automatic Updates group policy.
Be sure to set this value to have automatic installations blocked.

 

Defer Upgrades

Defer feature updates option in the Settings app
Defer feature updates under the Settings app

One of the biggest advantages of owning Windows 10 Pro is that you can set your machine up to use the ‘Branch for Business’ updates. This means that feature updates(such as the Anniversary update) are deferred for up to 9 months from release to ensure they are stable before you get it. If you have had issues with the last update(as I did) or read about some of the issues with the update you will probably find this setting to be extremely refreshing. Your PC will be unstable no more! Security updates are still received, it’s just those new shiny features are then tested on all the poor Home users before it gets to those of us with Pro. At least the $200 I spent for Win 10 Pro (Retail) has some real tangible benefits.

Disable Telemetry
(as much as possible)

This section is retracted as I ran into issues with Windows updating these registry settings on its own later causing stability issues. However the original steps are left below for reference.

Ok, so you can’t fully disable this anymore without having a special license for EDU/Business from Microsoft. However we can cut back on all the values it is sending out. Is Microsoft spying on all of us? No, I don’t think so. However if I could opt-in to a Windows Experiance program as we could in OS’s of the past, I would feel much better about it than having it default to sending the data it collects. Come on Microsoft, you couldn’t just word it nicely that this option helps improve Windows compatibility with your hardware and slap it into the non-express set up settings to disable and then add the same switch in the System settings?

Settings to modify originally found in this winaero article: How to disable Telemetry and Data Collection in Windows 10

It seems it’s a bit up in the air as if you can truly disable all telemetry now as the policy says one thing, but users from the winaero site have said otherwise. I haven’t checked via Wireshark to confirm if it is working. So just be aware of this.

First you need to add a new registry entry AllowTelemetry and set it to 0:

  • HKEY_LOCAL_MACHINE
    • SOFTWARE
      • Policies
        • Microsoft
          • Windows
            • DataCollection
              • AllowTelemetry (New DWORD, value = 0)
Click for larger image
Click for larger image

Next, we will need to disable some services. These are the values for builds after 1115, however I am guessing they may be renamed again as the original article states they were already renamed in the November Update in 2015.

Here you want to open Services. (just search for Services and use the Services Desktop App).

Now disable Connected User Experiances and Telemetry as well as dmwappushsvc

Click image to see larger.
Click to see larger

To disable these options, double click and adjust the settings shown below.

Dialog to disable services.
Dialog to disable services.

Once complete when you open the Settings app to Feedback & diagnostics, it should look like this(after reboot).

UI confirmation of limited telemetry settings.
UI confirmation of limited telemetry settings.

Reboot

Once you are done making these changes, don’t forget to reboot so they take effect.

I hope this helps, however it’s terribly disappointing that most of these settings require the group policy editor to update. As I reinstall Windows frequently I am debating on creating a PowerShell script to modify these settings. The plus side is Group Policy just creates and modifies registry entries, so finding and updating those via the script just may allow some of these settings for home users(minus the Pro only ‘Branch for Business’ updates). If I do, I will probably update this post with said script, however as I have already taken a stab at learning the commands needed it can be a pain to track down what I need. So if you know of any good PowerShell tutorials for editing group policy/creating full registry entries(including new multilevel paths in a single command) please let me know as that would help tremendously.

Until then, it may just be worth the price to upgrade to Pro is you are having issues with how Windows 10 Home Edition is treating you. As this article shows, you certainly do get a chance to take more control of your PC back. Although now it’s a pain to track down, you can at least still regain control of your PC.

Comments are closed.