Guide | Make Windows Completely Private

Yes you can make windows completely 100% private as if it was linux.
Ofcourse privacy doesn’t fix zero day security exploits.
For a first impression of what a truely optimized windows looks like check the screenshots below.

➤ 1 Download the official windows iso from microsofts website (The iso NOT the mediacreationtool !!)
If you can’t download the iso install the useragentswitcher browser extension and switch to linux
https://microsoft.com/en-us/software-download/windows10ISO
User-Agent Switcher and Manager – Get this Extension for 🦊 Firefox (en-US)

➤ 2 Download rufus and use it to create a bootable usb drive with the windows iso file
Rufus - Create bootable USB drives the easy way

➤ 3 Use the bootable usb drive to Install windows 10 pro offline
You will have to boot into BIOS mode and change the primary boot device to the usb drive

➤ 4 Use https://privacy.sexy to generate a script that will rip the guts of microsoft out of windows
Use either one of the predefined settings (standard, strict, all) or create your own script via options.
Be careful when creating your own script, you can break functionality like windows search.

➤ 5 Install Device Drivers
If you have an nvidia GPU use NVCleanstall for an installation that will remove MOST of the
integrated driver spyware https://techpowerup.com/download/techpowerup-nvcleanstall/
Install your CPU chipset but DO NOT install intel management engine!
Intel Desktop Chipsets - Latest Motherboard Desktop and PC Chipsets
https://amd.com/en/support

➤ 6 Install Netframework Offline
Many programs require old netframework version to work.
To install offline without using windowsupdate you need a copy of the windows iso you previously
downloaded.
Mount the windows iso
Open powershell as administrator
Use this command to install netframework:
Dism /online /enable-feature /featurename:NetFX3 /All /Source:X:\sources\sxs /LimitAccess
Replace Source:X: with whatever the location of your mounted iso is, for example Source:D:

➤ 7 Install Visual Studio Redistributables
Latest supported Visual C++ Redistributable downloads | Microsoft Learn

➤ 8 Install Librewolf WebBrowser (no extensions required, ublockorigin is already preinstalled)
Installation – LibreWolf
Searchengines:
https://search.brave.com
https://searx.tiekoetter.com/

➤ 9 Use ShutUp10 to modify windows privacy settings
Recommended: Klick on “actions” select “activate all privacy settings”, then manually uncheck what
you need.
Examples: microphone, camera, bluetooth, notifications.
O&O ShutUp10++ – Free antispy tool for Windows 10 and 11

➤ 10 Go Online for the first time, instantly install Portmaster from https://safing.io
Configure portmaster to block all connections by default and only allow what you need.
Check the systemdnsclient connections in portmaster and block anything you don’t know.
There should not be many connections to block if you used https://privacy.sexy to cleanup windows.
Examples you should block:
go.microsoft.com
ctldl.windowsupdate.com
services.gfe.nvidia.com (block if using nvidia GPU, even if you use nvcleanstall)
Also make sure you set Quad9 as your DNS server within portmaster.

➤ 11 Install ProtonVPN (use this VPN whenever you go online to protect your identity)
Free VPN download for your device | Proton VPN

Obviously as you will do almost all of these steps offline you will have to downloaded all the software beforehand and copy it to an offline drive which you can access without any internet connection.
A usbdrive would be enough.
Software that is generally recommended and you should use because https://privacy.sexy will delete all preinstalled garbage apps.
https://7-zip.org/ (compression software)
https://notepad-plus-plus.org/ (windows notepad on steroids)
Official download of VLC media player, the best Open Source player - VideoLAN (video and photo viewer)

If you wish to delete certain parts of windows or take ownership of them which by default your administratoraccount has no access to, use NSudo which is a extremly powerfull windows admin-tool that lets you take full control over windows.
https://github.com/M2TeamArchived/NSudo/releases/download/6.2/NSudo_6.2.1812.31_All_Binary.zip
Examples of what you should delete: (No deleting those won’t break anything, renaming also works)
smartscreen.exe
upfc.exe
Compatibility Telement.exe
CompPkgSrv.exe
mobsync.exe
GameBarPresenceWriter.exe
microsoftedge



6 Likes

How does using ltsc iso as a starting point changes things?

I recommend Ventoy for making boot-able usb’s.

Windows enterprise group policies are better for handling privacy and security, some relevant links:

Windows 11 offers better security, Windows 11 Enterprise should be what you choose. As you already said group policies are much easier in Enterprise Windows. I wouldn’t recommend O&O Shutup because it isn’t open source, https://privacy.sexy seems like the best option but you should still check the script before running it.

Also there was some effort to create a windows guide on privacy guides but hasn’t been published yet, I just used some of the info on here to get my Windows 11 Enterprise setup.

I probably wouldn’t delete essential programs in Windows or you might break some security features.

This just seems hyperbolic to me. Running some custom programs and scripts can make Windows more private, sure (though some of these scripts can also cause security and stability issues), but it can’t fundamentally rewrite a close-source and privacy-invasive OS to make it as private as most Linux distros are.