It’s important to note and observe that while the script is based on Microsoft's recommendations and best practices and I have successfully used it in various environments, there is no 'one size fits all' solution. If you do not want to run into compatibility problems, then you should carefully review each setting that the script applies and remove undesired configuration changes to accommodate your requirements. Identify which Windows system services, scheduled tasks, and features you intend to disable, and then carefully verify them in a lab environment.

Key Features:

Configuration Settings

The following sections list additional information:

Services:

The script will disable following services:

• Microsoft Account Sign-in Assistant
• Windows Error Reporting
• Xbox Live Auth Manager
• Xbox Live Game Save
• Xbox Live Networking Service
• Xbox Accessory Management

Scheduled Tasks

The script will disable following scheduled tasks:

• Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
• Microsoft\Windows\Application Experience\ProgramDataUpdater
• Microsoft\Windows\Application Experience\StartupAppTask
• Microsoft\Windows\Customer Experience Improvement Program\Consolidator
• Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
• Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
• Microsoft\Windows\Maps\MapsToastTask
• Microsoft\Windows\Maps\MapsUpdateTask
• Microsoft\Windows\Shell\FamilySafetyMonitor
• Microsoft\Windows\WDI\ResolutionHost
• Microsoft\Windows\Windows Media Sharing\UpdateLibrary
• Microsoft\Windows\Autochk\Proxy
• Microsoft\Windows\CloudExperienceHost\CreateObjectTask
• Microsoft\Windows\Feedback\Siuf\DmClient
• Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload
• Microsoft\Windows\Shell\FamilySafetyRefreshTask
• Microsoft\Windows\Windows Error Reporting\QueueReporting
• Microsoft\XblGameSave\XblGameSaveTask

Privacy Mitigations

The following overview lists the modified settings that control the data that is sent to Microsoft by default. Read the Microsoft's documentation for more information about how to configure each setting.

• Disable Cortana.
• Disallow search and Cortana to use location.
• Do not allow web search.
• Disallow the user to change sign-in options.
• Disable the Azure AD Sign In button in the settings app.
• Block the Microsoft Account Sign-In Assistant.
• Disable the MSA Sign In button in the settings app.
• Disable camera usage on user's lock screen.
• Disable lock screen slideshow.
• Turn off unsolicited network traffic on the Offline Maps settings page.
• Disable Automatic Download and Update of Map Data.
• Enable Do Not Track in Microsoft Edge.
• Disallow web content on New Tab page in Microsoft Edge.
• Disable the advertising ID.
• Turn off location services.
• Disable automatic learning.
• Turn off updates to the speech recognition and speech synthesis models.
• Disallow Windows apps to access account information.
• Disable all feedback notifications.
• Set telemetry level to the lowest supported value (Enterprise/Education editions: supported telemetry level: Security. Otherwise: Basic).

Logon Script

You can use the accompanying logon script to apply following optimizations to new user profiles:

• Set Windows Explorer default 'Open To' behavior to 'This PC'.
• Show Computer shortcut on the desktop.
• Show known file extensions in Explorer.
• Disable 'Default Printer' feature.
• Disable 'Send Microsoft info about how I write to help us improving typing and writing in the future' functionality.
• Adjust feedback frequency. A value of 0 indicates that user is never prompted to provide feedback about Windows 10 functionality by Microsoft.

Good luck with your Windows 10 deployments!