Guide | Make Windows Completely Private

Yes you can make windows completely 100% private as if it was linux.
Ofcourse privacy doesn’t fix zero day security exploits.
For a first impression of what a truely optimized windows looks like check the screenshots below.

➤ 1 Download the official windows iso from microsofts website (The iso NOT the mediacreationtool !!)
If you can’t download the iso install the useragentswitcher browser extension and switch to linux
https://microsoft.com/en-us/software-download/windows10ISO
User-Agent Switcher and Manager – Get this Extension for 🦊 Firefox (en-US)

➤ 2 Download rufus and use it to create a bootable usb drive with the windows iso file
Rufus - Create bootable USB drives the easy way

➤ 3 Use the bootable usb drive to Install windows 10 pro offline
You will have to boot into BIOS mode and change the primary boot device to the usb drive

➤ 4 Use https://privacy.sexy to generate a script that will rip the guts of microsoft out of windows
Use either one of the predefined settings (standard, strict, all) or create your own script via options.
Be careful when creating your own script, you can break functionality like windows search.

➤ 5 Install Device Drivers
If you have an nvidia GPU use NVCleanstall for an installation that will remove MOST of the
integrated driver spyware https://techpowerup.com/download/techpowerup-nvcleanstall/
Install your CPU chipset but DO NOT install intel management engine!
Intel Desktop Chipsets - Latest Motherboard Desktop and PC Chipsets
https://amd.com/en/support

➤ 6 Install Netframework Offline
Many programs require old netframework version to work.
To install offline without using windowsupdate you need a copy of the windows iso you previously
downloaded.
Mount the windows iso
Open powershell as administrator
Use this command to install netframework:
Dism /online /enable-feature /featurename:NetFX3 /All /Source:X:\sources\sxs /LimitAccess
Replace Source:X: with whatever the location of your mounted iso is, for example Source:D:

➤ 7 Install Visual Studio Redistributables
Latest supported Visual C++ Redistributable downloads | Microsoft Learn

➤ 8 Install Librewolf WebBrowser (no extensions required, ublockorigin is already preinstalled)
Installation – LibreWolf
Searchengines:
https://search.brave.com
https://searx.tiekoetter.com/

➤ 9 Use ShutUp10 to modify windows privacy settings
Recommended: Klick on “actions” select “activate all privacy settings”, then manually uncheck what
you need.
Examples: microphone, camera, bluetooth, notifications.
O&O ShutUp10++ – Free antispy tool for Windows 10 and 11

➤ 10 Go Online for the first time, instantly install Portmaster from https://safing.io
Configure portmaster to block all connections by default and only allow what you need.
Check the systemdnsclient connections in portmaster and block anything you don’t know.
There should not be many connections to block if you used https://privacy.sexy to cleanup windows.
Examples you should block:
go.microsoft.com
ctldl.windowsupdate.com
services.gfe.nvidia.com (block if using nvidia GPU, even if you use nvcleanstall)
Also make sure you set Quad9 as your DNS server within portmaster.

➤ 11 Install ProtonVPN (use this VPN whenever you go online to protect your identity)
Download VPN | Proton VPN

Obviously as you will do almost all of these steps offline you will have to downloaded all the software beforehand and copy it to an offline drive which you can access without any internet connection.
A usbdrive would be enough.
Software that is generally recommended and you should use because https://privacy.sexy will delete all preinstalled garbage apps.
https://7-zip.org/ (compression software)
https://notepad-plus-plus.org/ (windows notepad on steroids)
Official download of VLC media player, the best Open Source player - VideoLAN (video and photo viewer)

If you wish to delete certain parts of windows or take ownership of them which by default your administratoraccount has no access to, use NSudo which is a extremly powerfull windows admin-tool that lets you take full control over windows.
https://github.com/M2TeamArchived/NSudo/releases/download/6.2/NSudo_6.2.1812.31_All_Binary.zip
Examples of what you should delete: (No deleting those won’t break anything, renaming also works)
smartscreen.exe
upfc.exe
Compatibility Telement.exe
CompPkgSrv.exe
mobsync.exe
GameBarPresenceWriter.exe
microsoftedge

Windows Taskmanager Clean12560×1440 834 KB

Windows Taskmanager Clean22560×1440 460 KB

Windows Taskmanager Clean32560×1440 455 KB

How does using ltsc iso as a starting point changes things?

I recommend Ventoy for making boot-able usb’s.

Windows enterprise group policies are better for handling privacy and security, some relevant links:

Windows 11 offers better security, Windows 11 Enterprise should be what you choose. As you already said group policies are much easier in Enterprise Windows. I wouldn’t recommend O&O Shutup because it isn’t open source, https://privacy.sexy seems like the best option but you should still check the script before running it.

Also there was some effort to create a windows guide on privacy guides but hasn’t been published yet, I just used some of the info on here to get my Windows 11 Enterprise setup.

I probably wouldn’t delete essential programs in Windows or you might break some security features.

This just seems hyperbolic to me. Running some custom programs and scripts can make Windows more private, sure (though some of these scripts can also cause security and stability issues), but it can’t fundamentally rewrite a close-source and privacy-invasive OS to make it as private as most Linux distros are.

Is there anything wrong wirth rufus?

Windows 11 is utter garbage. Has Windows become Spyware? - Invidious
Before touching that 11 crap i’ll switch to linux.

Forget about enterprise you don’t need to pay for that dumb activation key.
Get the pro edition and modify it as brutal as you like and the result will be complete privacy, not to be confused with security ofc.
You need the know how, which i have and it is certainly possible to make windows fully private by ripping the guts of microsoft out of the OS, and no this won’t break functionality.
Many programs try to immediately phone home when you start them, shutup10 doesn’t, it doesn’t have any connections at all.
Obviously you need to be mindful of your actions with privacy.sexy as it can break certain functionality like windows search.

I never mentioned security here, linux is ahead in security of silly windows.
This thread is about privacy.

Well i don’t care about your opinion in this case because i see the facts with my own eyes.
I’m using windows 10 pro with portmaster which allows me to see all connections that my device makes, and i will tell you only so much that my windows pc has ZERO connections after booting where normally it would already be connected to various servers instantly after booting/while booting.
I’ve been routinely monitoring portmaster and keeping an eye over the connections, it’s always the same there are no connections unless i start a program, the only program that constantly has network access is portmaster obviously.

Simply put, yes you can make windows as private as linux.

I mean yes, that is the consumer version of Windows 11, Windows 11 Enterprise has significantly less bloatware and telemetry, uninstalling some of the preinstalled applications and modifying some group policy will stop basically all of the invasive telemetry as you can set the diagnostic data to off unlike on Windows 11/10 Pro or Home. You should check out the links that @lepras posted about editing group policy as this would be preferred to running third party scripts. You don’t want to modify it too heavily as you could break things that are important for a functioning system.

You still need to make connections to Microsoft obviously, for updates, security patches and microsoft defender. Windows 11 introduced lots of security features so if your system supports it you should definitely use it.

To download the ISO. Follow these steps :

• Download Media Creation tool under Windows 11 Installation Media
• Open a Command prompt terminal in the directory where mediacreationtool.exe is downloaded.
• And Input the following Command :

mediacreationtool.exe /Eula Accept /Retail /MediaArch x64 /MediaLangCode en-US /MediaEdition Enterprise

• If it asks for Activation key, Use this Generic Key XGVPP-NMH47-7TTHJ-W3FW7-8HV2C. This will just allow you to download the ISO but activation is totally upon the user.
• Accept the UAC prompt
• Download the ISO file or flash to a USB as you wish

You can use it without a license key or use an activator.

Rufus and Etcher are the two apps other than Ventoy that I have used recently.
Ventoy is my preferred tool as you do not have to reformat the entire drive just to use a revised .iso. You can update Ventoy and as you download new .iso files you just delete the old .iso and replace it.
Unless I am unaware with rufus, used it last night, when a new .iso is available you have to reformat.

You just said it yourself, “Windows 11 Enterprise has significantly less bloatware and telemetry.”
It still has some, you are effectively giving your control in the hands of microsoft and trusting them in protecting your privacy by changing some policy settings.
It may be windows 11 enterprise, it is still windows controlled by microsoft.
Instead of having a false sense of privacy because of using a certain windows version, take control in your own hands and do what is necessary to really make the os private, anything else is pointless.

And again “You still need to make connections to Microsoft obviously, for updates, security patches and microsoft defender.”
No, you don’t need to make those connections and if you really care about privacy you wouldn’t even consider that. Cut microsoft off from connecting to your computer completely is the only logical way to ensure they don’t collect any type of data about you or your device.

Using the media creationtool is also only a method people use when they don’t know what they are doing, i download the ISO directly without that nonsense tool.

I know that the enterprise version is better than pro and home, it’s still not trustworthy just like anything that connects to ms.
Where did you find that key XGVPP-NMH47-7TTHJ-W3FW7-8HV2C
Will this generic key not trigger the activation watermarker after some period of time?

You can’t download the Windows 11 Enterprise ISO (not evaluation) without using the media creation tool.

Security patches are important if you don’t have them installed then you will lose all your ‘privacy’ once someone pwns with an exploit in windows.

Privacy isn’t black and white, disabling telemetry and only allows required connections for the operating system to function correctly, it is still a significant gain in privacy.

Yes it is the generic Windows 11 Enterprise key that will allow you to download the Windows 11 Enterprise ISO through the media creation tool.

It is still an improvement over Windows 11 Pro and Home and should still be considered.

To get a virus or a hacker accessing your system they will first need to get in.
Simplewall+Portmaster both can be set to block all connections by default, nothing can phone in or out, unless whatever attempts to take control of the system knows how to bypass both.
I don’t really give a s*** about security patches when the only way to get them is by connecting to microsoft, they should rebrand themselfes to micromalware, that’s what they are, data thiefs, criminals.

This post isn’t addressed to @FreeMind . It’s unlikely that his opinions are to be changed.

To others reading the thread, installing security patches is highly recommended. A firewall can’t protect you against targeted malware or phishing attacks. Firewalls are useless against malware, ransomware, 0day kernel rootkits etc.

Thanks for your thoughts man i always update all of my devices

If you’re on linux there’s zero reason to complain about security updates, thing is we are talking about windows here.
Microsoft Windows is the definition of spyware.
Falling for a phishing attack is your fault, you klicked that totally not suspicious email link.

At the end of the day it’s your choice, use an updates system that constantly phones home to microsoft which collects your personal data just like a criminal or use a system that doesn’t phone to ms and be mindful of your actions.
Who cares about a virus that steals your personal information when your official operatingsystem already does that job, zzz.