Help a Crazy Ol' Sport (Settings for Maximum Privacy of Win10)

Lildidi

Member
I have a friend who has a friend and he's kinda crazy.

He says he likes privacy and security but privacy comes first. He wants complete silence.

This guy wants no automatic connections to Microsoft servers under any circumstances. Internet time, connection checker (NCSI), updates etc.
He needs only the necessary networking features available.

This guy,
1- Does not share files over LAN. No printers or remote connections.
2- Does not use software from Microsoft such as Internet Explorer, Skype, Cortana, MS games etc.
3- Uses a VPN client.
4- Activates Windows and Office with KMS
5- Uses Spotify, VLC player, Steam, Excel, qBittorrent among other mortal things.
6- Updates W10 only manually.
7- Uses a third party firewall. He likes to get rid of the native firewall but wonders if his firewall will cease to function.

Can you give a full template or general guidelines to this crazy ol’ sport?
 
Last edited:

nuhi

NTLite developer
Staff member
:)
- Remove all "Remoting and Privacy" components
- Setup the Settings - Privacy options.
Those two should remove most of the telemetry, but you can never get rid of all of it since it's per service or an app.
- If you rely on Windows 10 Firewall, keep the service at least, might start with the full Firewall and then remove the UI live if all fine, then see if the relying app still works.
- If you need Windows Updates to work, even manually offline, directly on that lite OS, then enable the Windows Update compatibility in Components toolbar, before any removals.
However, if you want a more privacy oriented updating, use the Source - Tools - Host Refresh, that way just need the Manual Setup/Host Refresh compatibility, and can remove the Windows Update components.
- there are Activation and KMS compatibilities, enable those.

So other than drivers and hardware support, you can remove all else. Make sure to let me know if you or your buddy's buddy see any issues.
 

Lildidi

Member
:)
- Remove all "Remoting and Privacy" components
Thanks nuhi

Can you explain network tab a little ?

1- DHCP Client - (The following system components depend on this service: Network Location Awareness(NLA) and Network List Sevice(NLS)) which IS strange because DHCP client does not have extra information on NTLite that indicates it’s needed for ‘Windows 10 networking’ while NLA and NLS has that information. Care to explain?

2- Computer Browser - Says it’s needed for process monitor – is that ctrl+alt+del > task manager > process view?

3- If you remove both the Internet Explorer Engine and IEFrame, is the worst that can happen to lose ‘services.msc descriptions on the left’ and ‘extended view for MMC’ and ‘control panel shortcuts to opening in new windows’ ? Does that mean you only lose some UI instead of any functionality?

4- Wired Autoconfig. Is that needed for wired connections from computer to the router?

5- Remote Differential Compression is recommended. But why? Because there’s a quote from wikipedia: “RDC is implemented in Windows operating systems essentially as an API, but is invoked by very little software, particularly on non-server systems.”
 
Last edited:

Kasual

Well-Known Member
Thanks nuhi

Can you explain network tab a little ?

1- DHCP Client - (The following system components depend on this service: Network Location Awareness(NLA) and Network List Sevice(NLS)) which IS strange because DHCP client does not have extra information on NTLite that indicates it’s needed for ‘Windows 10 networking’ while NLA and NLS has that information. Care to explain?

2- Computer Browser - Says it’s needed for process monitor – is that ctrl+alt+del > task manager > process view?

3- If you remove both the Internet Explorer Engine and IEFrame, is the worst that can happen to lose ‘services.msc descriptions on the left’ and ‘extended view for MMC’ and ‘control panel shortcuts to opening in new windows’ ? Does that mean you only lose some UI instead of any functionality?

4- Wired Autoconfig. Is that needed for wired connections from computer to the router?

5- Remote Differential Compression is recommended. But why? Because there’s a quote from wikipedia: “RDC is implemented in Windows operating systems essentially as an API, but is invoked by very little software, particularly on non-server systems.”

1.- NLA and NLS won't work without DHCP Client, dependencies are known over the time in most cases, troubleshooting.

2.- Computer browser is needed for network monitoring (Bluetooth, LAN, WLAN, etc. connections and speed connections), Networking tab on 7 and Performance tab in 10

3.- There are programs that need the IE engine or IEframe. Download a third party browser and have it handy when IE is removed.

4.- If you set a static IP, is safe to remove, otherwise, don't remove and it will set an automatic IP.

5.- Someone could found out that it is needed by some software.
 

pmikep

Active Member
May I politely suggest that the O.P. change (edit) the title of this thread to something more helpful like "Settings for Maximum Privacy of Win10"? This would help others now to know what the thread is really about. And it would help others in the future find the information in this thread when they look for privacy settings for themselves.
 

Lildidi

Member
1.- NLA and NLS won't work without DHCP Client, dependencies are known over the time in most cases, troubleshooting.

3.- There are programs that need the IE engine or IEframe. Download a third party browser and have it handy when IE is removed.
A- NLA and NLS, what are they good for? What does it mean "needed for w10 networking"? Does it mean to have any connection at all?

B- What are some of those programs which need IE engine or IEframe? Are they 3rd party programs?

Other questions:

1- Remote access connection manager's info on NTLite makes it seem like you need it for VPN connections although it's not protected by VPN compatibility. So do you need it for VPNs?

2- Microsoft Account and >Microsoft Passport is locked by 'core metro services' compatibility. Are core metro services the stuff about tiles and windows apps? Cause I'm not even using them.

3- What are these (under system tab): Anti-malware Scan Interface, Reliability analysis services, Credential manager, Device experience and Microsoft Sync Framework.

Extra: I learned that my firewall uses Windows Filtering Platform. Does WFP have anyting to do with Windows Firewall entries on NTlite?

Edit: I get more and more questions the more I look at NTLite. I wish notes were a little bit more explanatory. It could be better if someone like my friend (not me) shares their template.
 
Last edited:

ntliteaaa

New Member
:)
- Remove all "Remoting and Privacy" components
- Setup the Settings - Privacy options.
Those two should remove most of the telemetry, but you can never get rid of all of it since it's per service or an app.
- If you rely on Windows 10 Firewall, keep the service at least, might start with the full Firewall and then remove the UI live if all fine, then see if the relying app still works.
- If you need Windows Updates to work, even manually offline, directly on that lite OS, then enable the Windows Update compatibility in Components toolbar, before any removals.
However, if you want a more privacy oriented updating, use the Source - Tools - Host Refresh, that way just need the Manual Setup/Host Refresh compatibility, and can remove the Windows Update components.
- there are Activation and KMS compatibilities, enable those.

So other than drivers and hardware support, you can remove all else. Make sure to let me know if you or your buddy's buddy see any issues.
imho, this thread should be made Sticky at the very top of the forum, as many are using NTLite to harden privacy in W10; I'm surprised this thread is not longer...

anyhow, nuhi or others, I have a few questions:
1) if I use Skype, which components/settings should I keep (NOT remove)?
2) you mentioned "Setup the Settings - Privacy options" - is this done in Windows, not in NTLite? If done in NTLite, where?
3) you mentioned "Activation and KMS compatibilities, enable those" - is this done under the Components section?
4) you mentioned "Components toolbar" for enabling Windows Update compatibility - were you referring to the Components section?

Thank you very much in advance for any help and clarification!
 

PhsMu

Member
On this subject, any recommendations for someone who wishes to go about removing Windows Defender and Firewall and using 3rd party programs with our best interests' (and not microsoft's) at heart?
 

Clanger

Well-Known Member
I have seen posts where people say it can be done with Group Policy then dont tell you how :mad:. Lets say i use nuhi's tweaks, another program will say this and that needs tweaking, and another will say other things too, talk about confusing, whose word do you trust? :confused:
The only thing i could think of is combine the outputs of the most popular privacy tools along with nuhi's into 1 big file.
Problem is somethings remove a registry setting then the next program says it needs fixing because it looks for that reg setting. Best thing seemed to be is alter a setting only, dont delete it, and,,,,, Oh i dont know, it all makes my head spin. :confused::mad:
Airgapping and Debian is a damn sight easier to get my nut around.
 
Last edited:

PhsMu

Member
I use Windows Updates Blocker, W10Privacy, OOSU, WPD and WinAeroTweaker. The combo with a custom hosts file seems enough to break windows update yet keep all the stuff I actuall use and need working. They were also joined by Killer Control Center recently.
 
Top